Capital One breach – 100 million users’ data stolen

Global financial services company Capital One has just announced a massive data breach.

The breach notification starts in general terms:

Capital One Financial Corporation announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

The company continues:

Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.

So far, there are no details to suggest what sort of vulnerability was exploited, and therefore no indication of what has now been changed and how permanent or effective the fixes might be.

We don’t know whether it was an unpatched security flaw, an incorrectly configured access control setting, or some other cybersecurity issue.

The breach is notable more for what was taken than what wasn’t, covering:

  • 100,000,000 users in the USA
  • 6,000,000 users in Canada
  • Any consumer or small business who applied for a credit card in the past 14 years (2005 to early 2019).
  • Personal data including names, addresses, zip codes, phone numbers, email addresses, dates of birth, income.

Some customers also had the following information lifted:

  • Credit scores, credit limits, balances, payment history, contact information and more.
  • Social security numbers (SSNs).
  • Bank account numbers linked to credit cards.

The silver lining is that the majority of customers didn’t lose SSNs in the breach – Capital One says that only 140,000 SSNs and 80,000 bank account numbers were acquired.

The bad part of that, of course, is that if you’re one of the 140,000 then you’re a bit more exposed than the other 99.9% of breached customers.

What to do?

So far, Capital One isn’t giving any advice on what to do next, or offering any services such as credit monitoring to help you keep track of problems that may arise.

According to reports, a hacker called Paige Thompson has been arrested in relation to this crime, apparently after boasting online about their actions.

Presumably, the speedy arrest is what has led Capital One to say that it doesn’t think the data has been sold on and therefore that the risk is low.

Nevertheless:

  • Keep a careful eye on all your statements. Report suspicious transactions immediately.
  • If you have signed up to a credit reporting service, take the time to read the reports you receive. They’re there to help you spot account problems early on, not merely so you can track them down later!
  • Revisit the Capital One info page in a day or two. The company says that “the investigation is ongoing and analysis is subject to change.”
