The Latest / Data Security News

Capital One Hack Hits 100 Million US Citizens

August 13, 2019

In a hack that took advantage of a misconfiguration within Amazon’s cloud firewall, 100 million US citizens had their personal data stolen. The Capital One hack affected social security numbers, bank account numbers and other personal information.

Capital One Hack Hits 100 Million US Citizens

What was stolen in the Capital One hack?

The hack took place between March and July and once it was discovered it did not take long to find the person responsible. Paige A. Thompson has been quickly arrested for her unauthorized access of the data and the theft of the personal customer information.

Unfortunately for the bank, a lot of data was accessed in the attack. It’s estimated that Thompson was able to steal 140,000 US Social Security numbers and 80,000 bank account numbers. On top of that, the personal details of millions of customers – including names, addresses, ZIP codes, phone numbers, email addresses and birthdates – were stolen in the hack. In effect, anyone who had applied for a credit card with the bank since 2005 could have been affected by Thompson’s criminal activity.

Capital One has said that it does use encryption to protect data, including many social security numbers, however the bank also said that because of the particular circumstances of the incident, “the unauthorized access also enabled the decrypting of data.”

All the damage done?

The Capital One hack is bad news for all those affected, though it is good to see that the perpetrator has been quickly found and apprehended. That is all too often not the case. Unfortunately though, the data that has been stolen is already out there and been made available to other hackers. That will be the biggest worry for those potentially affected by the theft. Thompson herself no longer has the capability to abuse their data, but the risk of other hackers using the data to create strong identity-theft based hacks going forward is significant.

As is standard in these situations, Capital One is making free credit monitoring and identity protection available to everyone possibly affected. If you believe you might be, make sure you take advantage of the offer.

Capital One said:

“When this was discovered, we immediately addressed the configuration vulnerability and verified there are no other instances in our environment. Among other things, we also augmented our routine automated scanning to look for this issue on a continuous basis.”

It’s good that Capital One were able to identify the source and that Thompson has been arrested. But this hack took place over three months and to get security right, you can take no chances. You need to be doing these constant checks on your system all the time and not introduce them after the event.

Don’t wait to protect your organization from a data breach. Find out how GDS can help you implement a truly robust data breach prevention strategy.