Capital One Suffers Breach of Personal Data for 106M Consumers

Defense Innovation Board’s AI Principles Project
May 7, 2019

Capital One Suffers Breach of Personal Data for 106M Consumers

CapitalOne suffered a data breach affecting 100 million US consumers and 6 million Canadian consumers. The breach was detected when portions of the data was found on Github by a third party and reported to Capital One. The stolen data covers information on credit card applications made from 2005 to April 2019, 1M Canadian social security numbers, 120K US social security numbers, 77K bank account numbers, and other personal information.

According to the criminal complaint against the attacker, “A firewall misconfiguration permitted commands to reach and be executed….”, and those commands resulted the data from being stolen from Capital One’s Amazon Web Service (AWS) S3 buckets.

Cloud services like S3 buckets offer great benefits – unlimited storage, easy to setup and use; but they also come with significant downsides – they are out in the public and if not properly configured and protected, could lead to data breaches.

Automated Security Assurance is the only way to continuously validate if your cloud or on-premise software and services are configured securely. Whether you have your own internal policy or you leverage public security standards like CIS, PCI, HIPAA or NIST, you cannot do this manually. Visit www.spanugo.com and read more about our ASAP – Automated Security Assurance Platform. You don’t want to get global publicity for being the next data breach casualty.

Additional Breach Information:

https://www.nytimes.com/2019/07/30/business/bank-hacks-capital-one.html

https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says

http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043

 

Leave a Reply

Your email address will not be published. Required fields are marked *

two × one =