/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Capital One data breach inquiry launched by Republicans

The US House of Representatives Committee on Oversight and Reform has requested a briefing with Capital One over the data breach that left 106 million credit card holders and applicants in the US and Canada at risk of their personal information being stolen.

2 comments

Capital One data breach inquiry launched by Republicans

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

According to the Financial Times, two letters were published Thursday appealing to both Capital One and Amazon for a “staff-level briefing” amid increasing political scrutiny of cybersecurity practices.

The committee have asked CEO Richard Fairbank for further information and a response from the bank, “to help us more fully understand Capital One’s recent incident and its potential to affect millions of Americans”.

This news follows a probe into the breach being announced earlier this week by New York’s attorney-general. A Capital One spokesperson added: “We have proactively engaged in discussions with lawmakers and elected officials since the arrest of the perpetrator of this cyber incident on Monday and will continue to do so.”

Dubbed one of the largest data breaches to hit a financial services firm, the Capital One hack is expected to cost the company between $100 million and $150 million.

While tens of millions of applications and approximately 77,000 bank account numbers are at risk, the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security numbers on the applications.

Seattle-based Paige A. Thompson was arrested on computer fraud and abuse charges and on suspicion of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One” under the online alias ‘erratic’.

Thompson formerly worked for Amazon Web Services, which hosted the Capital One database that was breached.

The committee also published a letter for Amazon head Jeff Bezos, demanding further information on the status of AWS security protocols to ensure security of personal and government data ahead of the 2020 US census. AWS is also in the running for the Department of Defense’s cloud computing contract.

The FT also reveals that Thompson may have also stolen data from UniCredit and Ford, while Vodafone was also flagged as a possible target by cybersecurity researchers.

Sponsored New Report – The Future of Embedded Finance in Africa 2025

Comments: (2)

Mark Anderson

Mark Anderson General Manager at BioTechnologies

Media nonsense again ??

"106 million credit card holders and applicants in the US and Canada at risk of their personal information being stolen."

..." the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security"....

So what is it Finextra. A massive data breach - or a massive beef up of an article. 

 

Andrew Smith

Andrew Smith Founding CTO at RTGS & ClearBank

Personal data being lost for 106m people is serious! It won't be hard to form fuller details on the individuals exposed, so in terms of ID theft and applying for credit in that persons name - thats pretty easy now....

I would love to know what "most" means in terms of, most peoples Social Security wasn't compromised....Is it just 10% of the 106m people??? Come on, the numbers here are massive, and yet again proves that digital identity needs to be addressed. There is no reason for companies to be directly storing this type of data in this day and age.....

BTW a cost of $100m is only $1 per person compromised. That's cheap, especially if that person suffers ID theft as a result of this breach!

[On-Demand Webinar] SEPA Inst Mandate: Impacts on Day 1, Day 90 – and beyond?Finextra Promoted[On-Demand Webinar] SEPA Inst Mandate: Impacts on Day 1, Day 90 – and beyond?