Movers and SHAKERS
What Are the Dangers of the Capital One Data Breach?
Capital One, on Monday, reported a data breach of customer’s personal information affecting over 100 million Americans. The Capital One costumer user data had been stored with Amazon.com Inc., on a remote data cloud server where companies will incorporate their web applications using Amazon Web Services (AWS). The AWS cloud data was not compromised the former employee who breached the Capital One web application. An Amazon spokesperson stated, “The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure.” Multiple other data breaches have occurred over the last couple years and many American’s private information could have been stolen. Federal prosecutors have stated that the Capital One data breach is one of the largest bank data thefts and customers should be prepare extra measures of security to prevent identity theft.
Culprit Apprehended: The black hat hacker, a software engineer in Seattle who was a former employee of Amazon Web Services (AWS) breached a server containing Capital One customer data and over 100 million people’s personal information. The software engineer had posted information about her hacking exploits on public forum and bragged about the data breach on Twitter and Slack, which the FBI was able to track. The software engineer made an initial appearance on Monday in the U.S. District Court in Seattle and will be charged with computer fraud and abuse by federal prosecution. If convicted the hacker could face a $250,000 fine and up to a five-year prison sentence.
Credit Freeze: The multiple recent data breaches have led to a mass exposure of private American information. Credit freeze’s allow account holders to restrict creditors’ access to their credit report as an added measure of security. Creditors will almost always check an applicant’s credit report before opening a line of credit. If the creditor sees the applicant’s credit report is frozen then it will hinder thief attempting at applying for fraudulent lines. The Federal Trade Commission recommends that people affected by the Capital One data breach contact credit agencies in order to have a credit freeze. Agencies will provide account holders with unique pins which they can use to unfreeze credit reports when applying for new lines of credit.
Passwords: Capital One account log-in credentials were not compromised by the data breach, but it still advisable to change passwords as an additive measure of security. A new password should be unique from other accounts, and incorporate a variety of numbers, words, and symbols, which will make it more difficult for unwanted intruders to access. Reusing passwords across multiple accounts can lead to major security breaches. Capital One account holders can also subscribe to mobile app push alerts which will report to the users whenever a credit card purchase is made.
Credit Monitoring: Capital One is going to provide users affected by the breach with free credit reporting and monitoring, along with identity theft protection services. Account holders should use these credit monitoring services in order to check their credit score and protect themselves from future fraudulent charges or opened lines of credit using stolen information.
People Affected: The Capital One data breach affects 100 million Americans and 6 million Canadians. On Monday, Richard Fairbank, Capital One Chief Executive, wrote “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” Capital One will notify all individuals affected by the data breach. Key information that was exposed includes names, addresses, birth dates, credit histories, bank accounts, and social security numbers all which can be used for identity theft. 140,000 Social Security numbers and 80,000 bank accounts were exposed during the data breach.
Shares Drop: On Tuesday, Capital One Financial Corp shares dropped by 5.8%. Investors shared concerns about the company’s customer data management after 106 million people’s information was compromised by a single person. On Monday, Dominick Gabriele, stock analyst of Oppenheimer & Co, stated “we are a bit surprised that a single individual could penetrate Capital One’s defenses and gain access to so many accounts.” The Capital One user data was stored in a cloud unit within Amazon.com Inc. The cloud computing unit was not breached by the former Amazon Employee. On Tuesday, Amazon shares dropped by 0.6% in correlation with the data breach announcement.
Other Companies Breached: On Monday, the FBI raided the software engineers Seattle home and found storage devices which referenced the Capital One data breach along with other companies which may have been intruded and had information stolen. The hacker had listed multiple various company databases which were found by breaching into web applications that were improperly stored on AWS.
The Capital One and other recent data breaches present the necessity of proper cyber security and implementation of secure cloud-based web applications. Those affected by these security breaches should take precaution in order to protect themselves from identity theft. Account holders have multiple tools at their disposal which they can use to monitor their credit reports and scores. Fortunately, the culprit had been apprehended before even more personal information and data had been breached and released.
https://www.reuters.com/article/us-capital-one-fin-cyber-amazon-com/capital-one-shares-drop-on-questions-over-hack-idUSKCN1UP1LD, David Henry, Supantha Mukherjee JULY 30, 2019
https://www.nbcnews.com/business/consumer/how-protect-yourself-after-capital-one-data-breach-n1036076, Alyssa Newcomb July 30, 2019
https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html, Emily Flitter and Karen Weise July 29, 2019