Capital One Financial Seeks New CISO After Security Breach
Capital One Financial is seeking a new chief information security officer (CISO) after a July 2019 breach disclosure. Former CISO Michael Johnson will shift to an adviser role, and commercial bank CIO Mike Eason becomes interim CIO, The Wall Street Journal reports.
Capital One Financial in July discovered a massive cybersecurity breach that affected 100 million individuals in the United States and approximately 6 million in Canada. The breach involved a misconfigured Web application firewall (WAF) on Amazon Web Services (AWS).
AWS distanced itself from the breach, telling Newsweek at the time:
“AWS was not compromised in any way and functioned as designed. The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud.”
Within Capital One, at least a dozen experienced cybersecurity employees have left the bank since the breach, the Journal reported. Many of them were frustrated by security lapses that hadn’t been fully addressed, the report asserts.