On 29 June 2019, Capital One Financial Corporation announced to have experienced one of the largest breach of data in the financial world. Hackers took control of 106 million data from individuals who had applied for credit card products and customer information. Hackers made away with one million Social Insurance Numbers of its Canadian customers, 140,000 Social Security numbers and 80,000 bank account numbers. A total of 6 million Canadians were affected as well as 100 million U.S. customers.
Image Source: www.pcworld.com
In a press release issued by the company, the 106 million stolen customers information had been in their custody between 2005 and 2019.
The intensity of the hit and the response of the company to this and previous breach of data have forced people to file lawsuits against them.
John Yanchunis, an Attorney stated that Capital One has failed to protect the sensitive information taken from customers. According to him, there was much expectation that Capital One would take responsibility for this breach and protect its customer information. However, they continue to shirk that responsibility.
In a press release, Capital One made no mention of how the compromised Social Security numbers would make victims liable to identity theft and fraud. They stated that the incident would cost them between $100 million and $150 million. This amount will be incurred on credit monitoring, consumer notification, legal support and technology cost.
Capital One also expressed their worry over how this breach of data would affect their financial results. They stated that there is an insurance that has a total coverage limit of $400 million on cyber-risk event.
On 17 July 2019, Capital One had a piece of information that its data had been displayed on Github. According to reports, the company later realized that hackers had taken advantage of its configured firewalls of cloud computing servers of Amazon Web Services.
Immediately after confirming the display of its customers’ data on the Github platform, they informed the law enforcement which gave the FBI the legal right to trace the intrusion according to the U.S. Attorney Brian Moran. Moran, therefore, commended the law enforcement partners for their tireless effort to determine the status of the data and to secure it.
On the authority of the press release, the financial company has been able to fix the configuration vulnerability that was taken advantage of. From the press release, it has been deduced that the bank has taken proactive measures to ensure all customers data collected in the future are given the needed protection. They also confirmed that the suspect behind this data breach has been arrested and currently in the police custody.
The bank stated that an investigation conducted into the incident revealed that it is unlikely for the stolen data to be used for fraud, or disseminated. They added that the investigation is ongoing.
The Capital One Financial Corporation has joined the tall list of companies that have fallen into the dangerous web of hackers including Stockx.
The Suspect Involved in the Data Breach
Paige A. Thompson, a software engineer and a former employee at Amazon was allegedly behind the breach of data. She was charged with one count of computer fraud and abuse.
According to the criminal complaint, Thompson went to the Github platform on 21 April 2019 to post on the compromised data. The file was named “April 21 file”, and contained about 700 folders. Reports indicate that Thompson also added codes for three commands to extract the compromised customers’ data. It was also reported that the GitHub address where the file was uploaded contained the name of the accused person and a link to his profile.
Joel Martini, an FBI agent revealed that he discovered a group on a platform called Meetup, created by Thompson. In the group was an invitation link to their slack page. The criminal complaint filed against her shows that Thompson posted a list of the file into the page, and one of the members jokingly told her not to go to jail. She replied that she would get rid of them from her server, that is why she is archiving them.
It was also stated that Thompson had a conversation with another user on Twitter, on 18 June 2019. The user expressed his desire to distribute the file obtained. Thompson also showed her desire to disseminate the data stolen from Capital One.
Image Source: www.pcworld.com
The recent breach of data incident recorded shows how individuals and companies pay less attention to security. Hackers have taken advantage by using their sophisticated tools and methods to illegally access these platforms to steal sensitive information. North Korea was recently accused of being behind most of these hacking incidents.
It is expected that the recent rise of breach of data would force institutions to implement a higher form of security to protect customer information.
Source: WORLD SOCIALIST WEB SITE (WSWS)
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.