Capital One data breach leaves 100 million vulnerable


Capital One revealed Monday that 100 million credit card applications had been accessed, resulting in thousands of Social Security and bank account numbers being left at risk.

Dubbed one of the largest data breaches to hit a financial services firm, the Capital One hack is expected to cost the company between $100 million and $150 million.

The FBI complaint says that although some SS numbers had been tokenised or encrypted, information such as names, addresses, dates of birth and credit history had not. The data at risk includes “likely tens of millions of applications and approximately 77,000 bank account numbers.”

However, the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security numbers on the applications.

After a number of online boasts under the online alias ‘erratic’, Seattle-based Paige A. Thompson was arrested on computer fraud and abuse charges and on suspicion of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One,” according to a criminal complaint filed in federal court.

Paige formerly worked for Amazon Web Services, which hosted the Capital One database that was breached. She will remain in jail pending a detention hearing on Thursday.

Richard D. Fairbank, Capital One’s chairman and chief executive, apologised: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

This news comes soon after the meme-worthy $700 million Equifax data breach settlement which left a staggering 147 million people vulnerable in 2017.

Comments: (2)

Gerard Hergenroeder - Payments Shark - Millersvile 30 July, 2019, 16:22

Why am I surprised? Many banks like CapOne have rushed to the cloud thinking they have all their bases covered. Not so! Cloud providers, especially Amazon, do not have 50 years' experience with running large enterprise platforms with sensitive customer data. After all expenses from this disaster are accounted for, CapOne will have realized that they should have taken a hybrid approach to cloud computing and realize that they should never put their customer at risk in the cloud.

I was a trusted advisor on a cloud payments project and insisted that they use hardware encryption devices. Amazon told the client that their security software was correct. At that point I left the project.

A Finextra member 30 July, 2019, 18:55

@Gerard, Thank you for sharing...I agree with your approach on cloud computing,