Published: Wed, July 31, 2019
Money | By Ethel Goodwin

Capital One target of massive data breach

Capital One target of massive data breach

Millions of Canadians have been affected by a security breach at an American bank.

Capital One Financial announced late Monday it had learned of a data breach that it says involves the personal information of more than 100 million customers.

The firm said in a statement released on Monday that the breach affected approximately 100 million individuals in the USA and 6 million people in Canada.

About 140,000 Social Security numbers were accessed, as well as 80,000 bank account numbers from credit-card customers, the bank said.

The data was collected from 2005 to early 2019, and involved personal information of customers, in addition to credit scores, credit limits, balances, payment history, and contact information.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened", Capital One chairman and CEO Richard Fairbank said in a statement.

"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right".

The hacker was able to "exploit" a "configuration vulnerability" in the company's infrastructure, it said, adding that the vulnerability was reported to Capital One by an external researcher.

In wake of the news, Capital One shared that they are notifying all of the affected individuals and "will make free credit monitoring and identity protection available to everyone affected".

The fact that the data wasn't technically hacked is even reflected in the charge against Thompson: intentionally accessing a computer without authorization.

"The intrusion occurred through a misconfigured web application firewall that enabled access to the data", the US Department of Justice said.

With the admin credentials in hand, Thompson is alleged to have viewed the data in Capital One's S3 buckets, and also exfiltrated large amounts of information via a Swedish virtual private network provider, IPredator.

The FBI seized Thompson's devices on Monday after obtaining a search warrant, and arrested the 33-year-old.

She appeared in court in Seattle on Monday and will be detained pending a hearing on August 1.

Even with these increased costs, Capital One states that they have cyber security insurance that will cover up to $400 million with a $10 million deductible. Thompson is now awaiting trial, and could face up to five years in prison and a $250,000 fine.

Capitol One Founder and CEO, Richard Fairbank (L), District of Columbia Mayor Anthony Williams (C), and actor Bruce Willis pose for a photo in Washington, on December 6, 2004.

Like this: