U.S. securities regulators have imposed close to $2 billion in fines on more than a dozen financial firms, including eight major Wall Street banks, for failing to police employees who routinely used messaging apps and other “off channel” services on their personal phones to communicate with one another.
The Securities and Exchange Commission announced the charges on Tuesday after a monthslong investigation found that Wall Street firms did not monitor how employees were communicating on work-related matters or keep records of those messages, as federal law requires.
A software engineer at AWS was behind the attack, which exposed information including bank account details. “While Capital One and AWS deny all liability, in the interest of avoiding the time, expense and uncertainty of continued litigation, plaintiffs and Capital One have executed a term sheet containing the essential terms of a class settlement that, if approved by this court, will fully resolve all claims brought by plaintiffs,” a filing with the U.S. District Court for the Eastern District of Virginia read. In an emailed statement, Capital One said that key facts in the case had not changed since it announced the event in coordination with federal authorities more than two years ago, with the hacker arrested and the stolen data recovered before it could be disseminated or used for fraudulent purposes. “We are pleased to have reached an agreement that will resolve the consumer class litigation in the U.S.,” the company added.
In July 2019 the credit agency agreed to pay $575 million (potentially rising to $700 million) in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories over the company’s “failure to take reasonable steps to secure its network.”