An enterprise risk consultant is presenting about the management of risk associated with third-party vendor relationships at a financial conference. To emphasize the importance of understanding this risk and to illustrate lessons learned, the consultant describes several past examples of large losses and data breaches incurred by different financial institutions due to deficient or fraudulent third-party vendor practices. One example provided is the large loss incurred by Capital One, a US-based bank holding company, that resulted from its relationship with a third-party vendor. Which of the following best describes the circumstances that led to the loss in this case?