The Financial Services Industry Just Does Not Get It

The banking and financial services industries are continuously under cyber-attack, which is becoming more sophisticated.  Some of these organisations are learning from their mistakes and the improved sophistication of the attacks but many don’t and this is an on-going problem. Now, the credit card giant CapitalOne has been found to have suffered a potentially disastrsous data breach affecting over 100m customers.
 
In just one Internet minute cyber-criminals steal around $2.9 according to the annual Evil Internet Minute report from RiskIQ.
The company has analysed and data derived from the volume of malicious activity on the Internet and they report that cyber-criminals cost the global economy $2.9 million every minute in 2018, which became a total of $1.5 trillion. 
 
Capital One Financial Corporation has admittedhat they were subjected to a cyber-attack by an outside individual who obtained over 100 million pieces of personal information relating to people who had applied for its credit card products and to Capital One credit card customers. 
 
Capital One claim to have immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The US Justice Dept. hav announced that FBI has arrested the person responsible, suggesting the the breach itsef took place some time before the 19th July when Capital One first realeased the news.
 
A former Seattle technology company software engineer has been arrested on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data. US Attorney Brian T. Moran. is quoted as saying: “Capital One quickly alerted law enforcement to the data theft, allowing the FBI to trace the intrusion,” said US Attorney Moran.  “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.
 
This criminal event has affected approximately 100 million individuals in the United States and approximately 6 million in Canada. No credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, according to Capital One.
 
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
 
Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
 
• Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
 
No bank account numbers or Social Security numbers were compromised, other than:
 
• About 140,000 Social Security numbers of our credit card customers
• About 80,000 linked bank account numbers of our secured credit card customers
 
For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident and the affected individuals will be notified through a variety of channels. The investigation is on-going and CapitalOne says its analysis is subject to change.
 
Almost two years after the breach at Equifax exposed the confidential financial records  of 143m US citizens and four years after the Anthem data encryption debacle allowed hackers access to 80m cutomer records, Capital One's admission comes just a month following discovery of the careless exposure of confidential data by First American .
 
It really does look like the financial services industry has learned nothing about proper data protection practice. 
 
Dept. of Justice:        RiskIQ:
 
You Might Also Read:
 
Banks Are Making It Easy For Hackers:
 
Cyber Attacks On The British Financial Sector Increasing Fast:
 
 
 
« What Is The Dark Web?
5G Networks Expand In The UK »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.

Anjolen

Anjolen

Anjolen provides expertise in cybersecurity, compliance and cyber forensic services.

Koop

Koop

Koop’s trust management platform helps navigate the complexities of regulatory compliance, security reviews, and liability insurance in a single place.

NAM-CSIRT

NAM-CSIRT

NAM-CSIRT is a team established to contribute to the security and stability of critical infrastructure and critical information infrastructure of the Republic of Namibia.