More About The Capital One Breach

Capital One Financial is one of the largest US credit card issuers and was recently breached and over 100 million people’s personal data was taken by a hacker. The alleged hacker has now been named as, Paige A. Thompson, who stole a range of data information about people’s bank accounts and personal information from names to birthdates. 
 
Thompson was a systems engineer at Amazon Web Services between 2015 and 2016, about three years before the breach took place. The breach went unnoticed by Amazon and Capital One.
 
Capital One Financial is just the latest business to suffer a data breach. Recently Equifax, the credit reporting company, said it had a $700 million settlement to its 2017 data breach that had affected fifty percent of US people. Other companies that have had breaches include the hotel chain Marriott, retail giants Home Depot and Target.
 
What Happened?
Thompson, 33, who uses the online handle "erratic," allegedly obtained access to Capital One data stored on Amazon's cloud computing platform Amazon Web Services in March. She downloaded the data and stored it on her own servers, according to the complaint. Thompson used the anonymous web browser Tor and a Virtual Private Network in extracting the data, typical methods hackers use to try to mask infiltrations, but she later boasted about the hack on Twitter and a chat group on Slack, posting screenshots as evidence of her exploit.
 
It was only after Thompson began bragging about her feat in a private group chat with other hackers that someone reached out to Capital One to let them know on July 17.
 
Once the informant told Capital One the company closed the vulnerability. The company verified its information had been stolen by July 19 and started tracking Thompson and working with the FBI.  The FBI raided Thompson's residence and seized digital devices. An initial search turned up files that referenced Capital One and "other entities that may have been targets of attempted or actual network intrusions."
 
What Did Thompson Take?
The data breach involves about 100 million people in the US and 6 million in Canada. Capital One said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. The hacker also was able to gain some access to fragments of transactional information from dates in 2016, 2017 and 2018.
 
The bank said it believes it is unlikely that the information obtained was used for fraud, but the investigation is ongoing.
Capital One says 140,000 individuals had their Social Security numbers accessed, and another 80,000 had their bank account information accessed.
 
Where there is smoke, there is fire.
  • Organisations such as Italian bank UniCredit and Michigan State University were named in the purported list of files posted by alleged hacker.
  • Michigan State University (MSU) said it was working with the FBI and assessing whether the hacking suspect also got into its systems, though it said it had no knowledge of a breach.
  • Like Capital One, Michigan State is an Amazon Web Services customer. UniCredit, Italy’s largest bank, also said it is investigating the possibility of a breach related to the Capital One incident. 
The issue is simple: Once someone has the keys to the vault, why stop at Capital One?
  • Companies have fervently embraced cloud computing for its speed, ease, cost, and security, giving Amazon and others a large and profitable business.
  • But the widening probe points out a possible weakness: A hacker who figures out a way around the security fence of one cloud customer not only gets to that customer’s data but also has a method that might be usable against others.
  • UniCredit and MSU are mentioned in the postings, as is Ford Motor. A Ford spokeswoman said the company was investigating.
  • The Ohio Department of Transportation, also mentioned, said it, too, was working with the FBI.
And now, the European Central Bank is involved. 
  • UniCredit’s main regulator, the European Central Bank’s supervision arm, said it doesn’t comment on specific banks. The arm looks closely at cybersecurity risks at banks, including through on-site inspections. If UniCredit is involved, expect the General Data Protection Act to kick in. British Airways is contending with a $230 million fine.  Google was charged $75 million and Uber a million. Bring UniCredit, an Italian global bank in 17 countries and $20 billion in revenue, and expect a new wave of industry controls (and fines).
  •  Italian banks have been slow to invest in technology as they have struggled to digest piles of bad loans that accumulated on their balance sheets during the financial and sovereign debt crisis. Only three years ago, 17% of Italian banks loans, whose face value was €360 billion ($401 billion), were sour, according to the Bank of Italy.
If the theory of “once you are in, you are in” holds as the FBI believes, then plenty of financial service companies can be at risk. On the Amazon Web Service website, the Capital One case study mentions many top financial industry users.
 
What to Do
Capital One said it will reach out to those affected using "a variety of channels." Consumers should also obtain copies of their credit reports at AnnualCreditReport.com. By federal law, consumers can receive a free copy of their credit report every 12 months from each of the three big agencies, Equifax, Experian and TransUnion.
 
Look over all of your listed accounts and loans to make sure that all of your personal information is correct and that you authorised the transaction. If you find something suspicious, contact the company that issued the account and the credit-rating agency. 
 
You may also want to consider freezing your credit, which stops thieves from opening new credit cards or loans in your name. This can be done online. Consumers can freeze their credit for free because of a law that President Donald Trump signed last year. Before that, fees were typically $5 to $10 per rating agency.
 
You'll need to remember to temporarily unfreeze your credit if you apply for a new credit card or loan. Also keep in mind that a credit freeze won't protect you from thieves who file a fraudulent tax return in your name or make charges against an existing
account.
 
You should also change your passwords regularly. CreditCards.com industry analyst Ted Rossman recommends using a password aggregator like LastPass that helps create strong, unique passwords for all of your logins.
 
Security Week:             Payments Journal
 
You Might Also Read:
 
Four Questions To Ask After An Attack:
 
Equifax Executives Resign Without Charge:
 
« Surge Of Attacks On Banking & Finance Using N Korean Tools
British Army Reshapes Itself To Fight Cyberwars »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.

CBIT Digital Forensics Services (CDFS)

CBIT Digital Forensics Services (CDFS)

CDFS is Australia’s premier supplier of digital forensic tools, industry-embedded training and certification to Law Enforcement, Government, and Corporate Enterprise.

Atlas Systems

Atlas Systems

Atlas Systems helps companies large and small accelerate their digital transformation journeys – expanding their capabilities and delivering tailored solutions including cybersecurity.