The Financial Services Industry Just Does Not Get It

The banking and financial services industries are continuously under cyber-attack, which is becoming more sophisticated.  Some of these organisations are learning from their mistakes and the improved sophistication of the attacks but many don’t and this is an on-going problem. Now, the credit card giant CapitalOne has been found to have suffered a potentially disastrsous data breach affecting over 100m customers.
 
In just one Internet minute cyber-criminals steal around $2.9 according to the annual Evil Internet Minute report from RiskIQ.
The company has analysed and data derived from the volume of malicious activity on the Internet and they report that cyber-criminals cost the global economy $2.9 million every minute in 2018, which became a total of $1.5 trillion. 
 
Capital One Financial Corporation has admittedhat they were subjected to a cyber-attack by an outside individual who obtained over 100 million pieces of personal information relating to people who had applied for its credit card products and to Capital One credit card customers. 
 
Capital One claim to have immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The US Justice Dept. hav announced that FBI has arrested the person responsible, suggesting the the breach itsef took place some time before the 19th July when Capital One first realeased the news.
 
A former Seattle technology company software engineer has been arrested on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data. US Attorney Brian T. Moran. is quoted as saying: “Capital One quickly alerted law enforcement to the data theft, allowing the FBI to trace the intrusion,” said US Attorney Moran.  “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.
 
This criminal event has affected approximately 100 million individuals in the United States and approximately 6 million in Canada. No credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, according to Capital One.
 
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
 
Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
 
• Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
 
No bank account numbers or Social Security numbers were compromised, other than:
 
• About 140,000 Social Security numbers of our credit card customers
• About 80,000 linked bank account numbers of our secured credit card customers
 
For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident and the affected individuals will be notified through a variety of channels. The investigation is on-going and CapitalOne says its analysis is subject to change.
 
Almost two years after the breach at Equifax exposed the confidential financial records  of 143m US citizens and four years after the Anthem data encryption debacle allowed hackers access to 80m cutomer records, Capital One's admission comes just a month following discovery of the careless exposure of confidential data by First American .
 
It really does look like the financial services industry has learned nothing about proper data protection practice. 
 
Dept. of Justice:        RiskIQ:
 
You Might Also Read:
 
Banks Are Making It Easy For Hackers:
 
Cyber Attacks On The British Financial Sector Increasing Fast:
 
 
 
« What Is The Dark Web?
5G Networks Expand In The UK »

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Zentera Systems

Zentera Systems

Zentera's CoIP (Cloud over IP) solution offers enterprise-grade networking and security for the emerging cloud ecosystem.

DG Technology

DG Technology

DG Technology focuses on delivering a comprehensive security strategy, solutions and protection across all platforms from desktop to mainframe.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

RazorSecure

RazorSecure

RazorSecure provides cyber security solutions for Aviation, Rail & Automotive transport systems.

Qihoo 360

Qihoo 360

Qihoo 360 is a leading provider of Internet and mobile security products in China.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

Quantum Security Solutions (QSec)

Quantum Security Solutions (QSec)

QSec is an innovative information security consultancy based in Ghana. We can provide your organisation with information security products and services that assure against information risk.