
Answer-first summary for fast verification
Answer: A former staff member of the vendor hacked into a database of Capital One's personal customer information that was stored on the vendor's cloud services platform and stole much of this information.
## Explanation

The correct answer is **D** because this accurately describes the actual Capital One data breach incident that occurred in 2019.

### Background:

- In July 2019, Capital One experienced a major data breach where a former employee of Amazon Web Services (AWS) hacked into Capital One's customer data stored on AWS's cloud platform
- The hacker, Paige Thompson, exploited a misconfigured web application firewall to access the data
- Approximately 100 million Capital One customers in the US and 6 million in Canada were affected
- The stolen data included personal information such as names, addresses, credit scores, and Social Security numbers

### Why the other options are incorrect:

- **A**: While inaccurate models can cause losses, this was not the specific case with Capital One's vendor-related incident
- **B**: System failures can cause reputational damage, but this doesn't match the actual Capital One incident
- **C**: While incentive misalignment can lead to regulatory issues, this wasn't the nature of Capital One's vendor-related loss

### Key Risk Management Lessons:

- Third-party vendor risk management is critical, especially for cloud service providers
- Proper configuration and access controls are essential for cloud-based data storage
- Vendor due diligence should include security assessments and monitoring
- The incident resulted in Capital One paying $80 million in fines and $190 million in customer settlements
Author: LeetQuiz.
An enterprise risk consultant is presenting about the management of risk associated with third-party vendor relationships at a financial conference. To emphasize the importance of understanding this risk and to illustrate lessons learned, the consultant describes several past examples of large losses and data breaches incurred by different financial institutions due to deficient or fraudulent third-party vendor practices. One example provided is the large loss incurred by Capital One, a US-based bank holding company, that resulted from its relationship with a third-party vendor. Which of the following best describes the circumstances that led to the loss in this case?
A. The vendor provided an inaccurate loan pricing model to Capital One, which incurred far greater default losses than expected.

B. A bill payment system provided by the vendor failed for an extended period of time, resulting in many Capital One customers canceling their accounts and causing severe reputational impact.

C. The vendor's sales manager established extremely high incentives for its representatives to sell Capital One products, resulting in regulatory fines for selling inappropriate products to consumers.

D. A former staff member of the vendor hacked into a database of Capital One's personal customer information that was stored on the vendor's cloud services platform and stole much of this information.