
Answer-first summary for fast verification
Answer: A former staff member of the vendor hacked into a database of Capital One's personal customer information that was stored on the vendor's cloud services platform and stole much of this information.
**D is correct.** The Capital One loss was caused by a data breach in which a former cloud-services vendor employee exploited a weakness in a misconfigured web application firewall to gain access to the files stored in an Amazon Web Services (AWS) database. As a result, tens of thousands of customer Social Security numbers and account numbers were stolen, and Capital One was fined USD 80 million for "failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment".

**A, B, and C are incorrect.** These did not contribute to the loss.

**Key Learning:** This case highlights the critical importance of robust third-party risk management, particularly when migrating sensitive data to cloud environments, and the need for effective security controls and monitoring of vendor relationships.
Author: LeetQuiz.
An enterprise risk consultant is presenting about the management of risk associated with third-party vendor relationships at a financial conference. To emphasize the importance of understanding this risk and to illustrate lessons learned, the consultant describes several past examples of large losses and data breaches incurred by different financial institutions due to deficient or fraudulent third-party vendor practices. One example provided is the large loss incurred by Capital One, a US-based bank holding company, that resulted from its relationship with a third-party vendor. Which of the following best describes the circumstances that led to the loss in this case?
A. The vendor provided an inaccurate loan pricing model to Capital One, which incurred far greater default losses than expected.
B. A bill payment system provided by the vendor failed for an extended period of time, resulting in many Capital One customers canceling their accounts and causing severe reputational impact.
C. The vendor's sales manager established extremely high incentives for its representatives to sell Capital One products, resulting in regulatory fines for selling inappropriate products to consumers.
D. A former staff member of the vendor hacked into a database of Capital One's personal customer information that was stored on the vendor's cloud services platform and stole much of this information.