Capital One has eliminated 1,100 agile tech jobs, part of its “overall tech transformation.”
According to Bloomberg, the company is eliminating jobs specifically focused on agile development. Instead, the company plans for existing engineering and product management roles to integrate agile methods in their work routines.
“Decisions that affect our associates, especially those that involve role eliminations, are incredibly difficult,” the company said in the statement to Bloomberg. “This announcement is not a reflection on these individuals or the work they have driven on behalf of our technology organization. Their contributions have been critical to maturing our software-delivery model and our overall tech transformation.
“The agile role in our tech organization was critical to our earlier transformation phases but as our organization matured, the natural next step is to integrate agile delivery processes directly into our core engineering practices,” Capital One added.
Impacted employees are being invited to apply for other roles within the company. Those that don’t find new jobs inside Capital One will be given at least 16 weeks severance pay.
Capital One is expanding into new markets, launching Capital One Software, an enterprise B2B software business.
Capital One is already one of the leading companies in the US banking industry. The company has a long history of using the cloud to power growth and solve problems, and now it wants to leverage that experience to help its customers do the same with its Capital One Software.
The new business’ first product is Capital One Slingshot, “a data management solution for customers of Snowflake, the Data Cloud company.” Slingshot is built on Capital One’s experience managing vast amounts of data, and will help customers scale their cloud data, automate governance, and manage costs.
“As one of the first large enterprises to go all-in on the public cloud, Capital One has pioneered the adoption of modern data and cloud capabilities. We’ve solved technology challenges faced by America’s largest enterprises and increased our speed and agility in delivering breakthrough products and experiences for customers. We recognize that many other businesses are facing similar data management needs as they accelerate their cloud and data journeys, so bringing some of the tools we’ve built and scaled to market as enterprise B2B software solutions is a natural evolution for us,” said Ravi Raghu, Executive Vice President, Head of Capital One Software. “Starting with the launch of Capital One Slingshot, Capital One Software will offer proven solutions that have been battle-tested by one of the nation’s largest enterprises serving more than 100 million customers.”
Capital One has been fined some $80 million by the government for failing to adequately protect consumer data.
In 2019, Capital One suffered one of the largest financial hacks in history, exposing 80,000 bank account numbers and 140,000 Social Security numbers. The US Treasury Department’s Comptroller of the Currency said the bank was negligent when it transitioned to the cloud in 2015, and failed to properly implement the necessary security measures.
In some cases, the company’s internal audit failed to catch security issues. In other cases, the Board of Directors failed to act on issues the internal audit did flag. As a result, the Treasury Department is fining Capital One $80 million, which the company has agreed to pay.
Capital One’s example should serve as a reminder to companies that security should always be a prime consideration—not an afterthought.
“People are going to really give a hard look at cloud security,” says Darktrace CEO Nicole Eagan. “At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.”
People Are Going To Really Give a Hard Look At Cloud Security
There is so much positive momentum around cloud and so many benefits that I don’t anticipate seeing a pendulum swing back to on-prem data centers (because of the Capital One cyber hack). What I do think it means is people are going to really give a hard look at cloud security. This attack was a result of a vulnerability known as a configuration error in a Web Application Firewall that was specific to Capital One. What it does show is these configuration errors are actually really very commonplace. They’re commonplace in on-prem data centers and in cloud.
This does highlight a few things. It does highlight insider threats, someone who had some insider knowledge. It also highlights supply chain level security. At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.
Capital One Attack Was Human Error
Configuration errors are basically a human error. Somebody somewhere made a human error, a mistake. We have to expect that humans are fallible and we’re going to see those type of errors. What’s so strange about this one is how public the disclosure was by the attacker on Twitter and GitHub and other places. That was what made it so unusual but also meant that the investigation moved very quickly. It seems like there’s been quite a bit of transparency as well.
It’s interesting timing because we’re actually going into Back Hat and DEF CON, which is often known as a summer camp for hackers. There will be literally tens of thousands of people in Las Vegas next week. All of this is going to change the conversation. We’re going to see a lot about cloud security, about 5G security, about encryption and decrypting data, and of course, the evolution towards AI-based attacks.
What’s interesting is that people want to kind of say let’s make sure we prevent the kind of attacks we saw in 2016 (regarding the election). The reality is the way the cybersecurity industry works the attackers keep moving on. They keep changing what’s called threat vectors. I do think we’ll see plenty of threats for 2020 but they may not look anything like the ones we saw in 2016.
People Are Going To Give a Hard Look At Cloud Security – Darktrace CEO Nicole Eagan
Amazon announced that Capital One will be the first company to provide customers with the ability to interact with their financial information through Alexa-enabled devices like the Amazon Echo, Fire TV, or the new Amazon Tap or Echo Dot.
“Starting today, customers can stay on top of their credit card account by checking their balance, reviewing recent transactions, or making payments as well as get real-time access to checking and savings account information to understand their available funds– all hands free,” a spokesperson said in an email.
“The Alexa Skills store is quickly growing, and today we’re excited to add the Capital One skill – which is the first skill that will enable Alexa users to interact with their financial accounts,” said Alexa Direcotr Rob Pulciani. “Now Alexa can quickly provide your Capital One banking balance, latest transactions and more on Amazon Tap, Echo Dot, Amazon Echo or Fire TV devices —all conveniently with just your voice. More and more voice experiences are coming, and it’s only going to get better for our customers.”
Capital One customers can interact with their accounts by enabling the Capital One skill in the Alexa app, and then saying things like “Alexa, ask Capital One for my Quicksilver Card balance,”…for recent transactions on my checking account,” …when is my credit payment due?,” or “pay my credit card bill.”
The Capital One Alexa skill is available starting today.
Capital One must repay its credit card customers $150 million after federal regulators determined the company was using deceptive business practices to trick its clients into signing up for services they didn’t want or need. Although Capital One neither admitted nor denied liability in the settlement — they claim third party vendors were to blame for the problems — they won’t be able to escape paying an additional $60 million in penalties to the government.
“We are accountable for the actions that vendors take on our behalf,” explained Ryan Schneider, president of Capital One’s credit card business. “These marketing calls were inconsistent with the explicit instructions we provided to agents for how these products should be sold. We apologize to those customers who were impacted and we are committed to making it right.” And by committed, of course, they mean forced to by the Consumer Financial Protection Bureau.
According to Richard Cordray, director of the aforementioned bureau, Capital One used deceptive practices to get its customers to sign up for such services as payment protection plans and credit monitoring. Employees at various call centers would often lie to card holders about the price of such options, sometimes proclaiming that signing up was free. Others told clients these services weren’t optional, leading some to say they felt pressured into getting the products.
Although Capital One is guilty of using such tactics, Cordray stated that such practices were not unique to one single institution. “We are putting companies on notice that these deceptive practices are against the law and will not be tolerated,” he stated.
Did you or someone you know fall victim to these extremely shady business transactions? Here’s what you need to know about the refund: If you’re still a customer with Capital One, then a refund should show up on your account. Those of you who have closed your accounts, however, should receive a check in the mail. These refunds will be issued by the end of the year.
