106 Million Affected By Capital One Data Breach
In one of the largest financial data theft incidents in history, Capital One Financial Corporation reported on July 19th 2019 that the data of around 106 million of its clients had been leaked in a cyberattack. Of those affected, 100 million are located in the U.S. and 6 million in Canada.
Capital One announced that personal client information from between 2005 and 2019 was among the data that was illegally accessed. The leaked data included dates of birth, names, email addresses, postal addresses (including zip/postal codes), phone numbers, and reported incomes.
In addition, customer data including credit scores and limits, account balances, payment histories, and personal contact information was also leaked. 140,000 SSNs and 80,000 bank account numbers were also illegally accessed.
Capital One estimates that the cost of the attack will be between $100 and $150 million, mostly consisting of legal fees, IT monitoring costs, and the expense of notifying affected individuals.
The attacker was able to gain access to Capital One's data storage platform, a proprietary web application built on Amazon's cloud services. Amazon stated that its cloud services themselves were not compromised, as Capital One was fully responsible for the development and maintenance of its own custom platform.
On July 29th 2019 the attacker behind the data breach, a Seattle resident using the online alias “Erratic”, was arrested for illegally accessing the Capital One databases. “Erratic” was a former Amazon employee.
Following an e-mail tip, it was discovered that the attacker’s GitHub account contained the confidential data that was leaked from Capital One.
Was the data breach preventable?
There are several key security best practices that could have prevented the data from being leaked.
First, regular IT security audits could have identified and diagnosed the misconfiguration in the system before it was exploited. Penetration testing also helps determine how robust your security controls actually are.
The Capital One breach was the result of a misconfigured web application firewall (WAF). Under normal circumstances, the WAF would have blocked access from unknown IP addresses like the one used by the attacker. The breach occurred because the misconfiguration went unnoticed.
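As an added illustration of the two points above (this is example code, not from the post or from Capital One's systems), the following Python audits a simplified, constructed WAF-style IP-filter policy for the kind of defect described, a default action that lets unknown source IPs through, and replays constructed access-log lines to show which requests the misconfigured and the corrected policy would have admitted. The rule format, policy names and log lines are assumptions made for the example.

```python
import ipaddress
import re

# Constructed, simplified rule format (not any real WAF product's schema): an ordered list
# of rules, each an action plus allowed source CIDRs; a request takes the action of the first
# rule whose CIDRs contain the client IP, otherwise the policy's default action applies.
MISCONFIGURED = {
    "rules": [{"name": "office", "action": "allow", "sources": ["203.0.113.0/24"]}],
    "default": "allow",  # the defect: addresses matching no rule are still let through
}
CORRECTED = {
    "rules": [{"name": "office", "action": "allow", "sources": ["203.0.113.0/24"]}],
    "default": "block",  # unknown source IPs are blocked
}

# Constructed access-log lines (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2019:10:00:01 +0000] "GET /app/dashboard HTTP/1.1" 200
198.51.100.23 - - [19/Jul/2019:10:00:09 +0000] "GET /app/admin HTTP/1.1" 200
"""
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3}')

def audit_rules(policy):
    """Return audit findings; an empty list means the policy passes."""
    findings = []
    if policy["default"] != "block":
        findings.append("default action is not block: unknown source IPs are allowed through")
    for rule in policy["rules"]:
        if rule["action"] == "allow" and not rule.get("sources"):
            findings.append(f"rule {rule['name']!r} allows traffic from any source IP")
    return findings

def decide(policy, ip):
    """Action the policy takes for a single client IP."""
    addr = ipaddress.ip_address(ip)
    for rule in policy["rules"]:
        if any(addr in ipaddress.ip_network(cidr) for cidr in rule.get("sources", [])):
            return rule["action"]
    return policy["default"]

def replay(policy, log_text):
    """Replay logged requests through a policy: list of (ip, request, action)."""
    verdicts = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if match:  # lines not in the expected format are skipped
            verdicts.append((match["ip"], match["request"], decide(policy, match["ip"])))
    return verdicts

if __name__ == "__main__":
    print(audit_rules(MISCONFIGURED), replay(MISCONFIGURED, SAMPLE_LOG))
```

Running the audit on the corrected policy returns no findings, while replaying the same log through it blocks the request from the address outside the allowed range.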
Protect the decryption key for critical data
Encryption scrambles data into an unreadable format that can only be unscrambled with a decryption key. In this case, the attacker was also able to obtain the means to decrypt the company's data. This illustrates the importance of protecting the decryption key and keeping it in a separate location that cannot be reached by an attacker who gains access to the data itself.
Do not store archived data online
A portion of the data accessed in the Capital One hack dates back two decades. Keeping such archived data online is not only costly, but also poses a significant security threat, since it remains exposed to cyberattack.
Are your networks safe from cyberattack? GIGE’s IT technicians have over 30 years of experience designing and testing network infrastructure. Call us at +1 888 366 4443 or send us an email at info@gige.ca to get a network security audit.