Wednesday, July 31, 2019

Capital One Suffers Breach of 100 Million Customers... All from One Hacker


It seems you can’t see a list of technology headlines lately where at least *one* of them is the story of some type of serious security breach.  The value of personal data makes repositories of that data very enticing to bad guys.

Take, for instance, the recent announcement by Capital One.  The company recently announced it had detected a security flaw in its system that left 14 years of data exposed and available for download.  The files covered over 100 million individuals.  The stolen data includes income, Social Security numbers, balances, and credit scores among other things.

One other thing about this case that has put it in the headlines is that the “bad guy” in this case is actually a girl.  The accused hacker, Paige Thompson, was arrested earlier this week.  The stolen info turned up online, posted by the hacker, but amazingly the data does not seem to have been used for any nefarious purposes… at least none is known yet.

Once Capital One became aware of the breach on July 19th, they notified the FBI who quickly located Ms. Thompson.  The company had received an email on July 17th warning that some of its data had appeared in a “data dump” online.  Also, the perpetrator did not show any concern about keeping her identity hidden.  She boasted of the hack on Twitter.

As usual in cases such as this, Capital One is offering anyone affected by the breach free credit monitoring and protection.

The unfortunate part of these types of situations is the old adage “locks keep honest people honest”.  The only way a company can find these types of problems is when they are told about them.  In todays’ environment, the company is usually notified by the FBI before the company itself discovers the event has happened.  Events such as this can be available for years and the company only finds out about the problem when the data is leaked or when federal agents come to tell you.  From that standpoint, this was an unusual case because someone contacted Capital One soon after the data was released.

Nothing is truly perfectly secure.  We’ve all got to do our best to be as tough a target as possible.

No comments:

Post a Comment