Hack of Capital One Exposes Information on 100,000 Customers
Capital One is one of the largest credit card issuers in the world. On July 29th 2019, Capital One made an announcement, confirming it is the victim of one of the largest data breaches in financial sector history, as a former software engineer for Amazon has been indicted on charges related to the hacking.
Here’s what we know:
Capital One has admitted that the personally identifiable information (PII) of over 100 million American and Canadian credit applicants’ information has been exposed. The company did admit that no credit card account numbers or authentication credentials were compromised in the hack. They also go on to mention that in 99 percent of the files, social security numbers were not compromised. The largest category of information that was accessed were individual and small business credit applications that span from 2005 to 2019.
The perpetrator, Paige Thompson of Seattle, Washington, was a former software developer for Amazon Web Services (AWS), which took advantage of a firewall misconfiguration to gain access to the information, AWS confirmed Monday. The flaw came as a result of a setup error and not a flaw within the massively popular AWS.
The breach happened on March 22 to 23, 2019. Thompson was apprehended as a result of being reported to Capital One for storing incriminating evidence on her Github and Slack accounts. Capital One contacted the FBI on July 19, 2019 and after a short investigation, Thompson was arrested and indicted by the Western District of Washington.
The CEO of Capital One, Richard Fairbank released the following statement:
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
For a full report of the event, visit: https://www.capitalone.com/facts2019/
Capital One has said that it will inform you if you have been a victim of this massive attack, but if like many of us, too much is at stake to wait for the company to reach out to you, you can take some immediate steps to safeguard your personal information.
- Check your accounts - Account monitoring and fraud detection should be a major part of any action you take to secure personal information.
- Change passwords - One great way to at least feel more secure after a major hack like this is to immediately change your passwords.
- Freeze your credit report - One option you can take to protect yourself is to freeze your credit report, this won’t let any credit reporting services check your credit, meaning if someone were to try to take money out in your name that the banks wouldn’t be able to authorize credit.
- Avoid scams - A big part of keeping any data secure is to not give unauthorized parties access to it. That means avoiding phishing attacks and other scams.
- Continued vigilance - Vigilance over your account information, your personally identifiable information, and your overall financial health is more important than ever. As mentioned above, credit monitoring and fraud detection services give users tools to combat unauthorized access.
Keeping yourself and your business secure online is more difficult than ever. To learn more about data security, subscribe to our blog.
- What You Need to Know About the Growing FinTech Market Money needs to move in order for the economy to work. Traditionally, banks are the major lending institutions, and as a result have to adhere to a myriad of regulations. To provide an equitable system that people aren’t afraid to utilize, there are a lot of checks and balances that have put in place...
- Would You Fall for this Adult Scam if You Saw an Old Passwor... As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them. To preface this scam, we need...
- 4 Internal Threats Every Business Owner Should Understand In light of all the data leaks and vulnerabilities that have been brought to light over the past few years, network security has to be a priority for every business. One problem many organizations have is that while they are protecting their network and infrastructure from threats outside their comp...
- Is It Safe to Have Your Browser Remember Your Passwords? Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you. Nope! While yes, the fact that we no longer ha...
- Getting to Know Technology: Hackers It doesn’t matter how much of a technology novice someone is, chances are, they’ve heard the term “hacker” before. A favorite character trope of Hollywood films and television dramas, these cybercriminals have appeared in productions like Die Hard and Mr. Robot with varying degrees of accuracy. Belo...
- Tip of the Week: How to Spot a Scam What would you do if you sat down at your desk one morning, coffee still kicking in, to discover a pop-up message on your computer announcing that Microsoft has detected a fatal issue with your workstation, and if they aren’t allowed to remote in and fix it, the entire network could be at risk? Woul...