Capital One Financial Corp. is pushing forward with its plan to move more of its operations into the cloud, even in the wake of a massive data breach that compromised millions of customers' information.
"While the event occurred in the cloud, the vulnerability that led to our breach is not specific to the cloud and could have happened in an on-premise data center," said Richard Fairbank, the bank's chairman and CEO, on Oct. 24 during the company's third-quarter earnings conference call. "We remain absolutely committed to our digital strategy and our technology transformation, and the public cloud is an essential element of that strategy."
Fairbank's sign of support for the bank's cloud plan comes nearly three months to the day after Capital One disclosed a data breach that had compromised about 100 million current and potential U.S. and Canadian customers' personal information, including some Social Security numbers and linked bank account numbers.
At that time, Capital One said the technical issue had been fixed. The hack was allegedly orchestrated by a former Amazon.com Inc. employee who worked in the e-commerce giant's cloud business, Amazon Web Services, and exploited a weakness in the system.
The financial impact of the Capital One breach was relatively muted in the third quarter, driving non-adjusted EPS down by 4 cents. But the broader implications from the hack have been wide ranging, with several lawmakers calling on regulators to bolster their oversight of cloud providers such as Amazon Web Services. The same day Fairbank issued his support for the company's cloud plans, Democratic Sens. Ron Wyden of Oregon and Elizabeth Warren of Massachusetts sent a letter to the Federal Trade Commission to open an investigation to assess whether "Amazon's failure to secure the servers it rented to Capital One may have violated federal law."
But Capital One's chief executive said the public cloud in fact was an aid in its assessment of the data breach, while adding during the call that the bank was able to "tokenize critical data at scale" because of it.
"Naturally, with an event like this, we're pouring a lot of energy into making sure we get all the learnings and harnessing the energy from an experience like that to really further strengthen our cybersecurity and our capabilities across the board," Fairbank said. "But we are reminded even through this event of the benefits and power of the public cloud."