The Financial Services Industry Just Does Not Get It

The banking and financial services industries are continuously under cyber-attack, which is becoming more sophisticated.  Some of these organisations are learning from their mistakes and the improved sophistication of the attacks but many don’t and this is an on-going problem. Now, the credit card giant CapitalOne has been found to have suffered a potentially disastrsous data breach affecting over 100m customers.
 
In just one Internet minute cyber-criminals steal around $2.9 according to the annual Evil Internet Minute report from RiskIQ.
The company has analysed and data derived from the volume of malicious activity on the Internet and they report that cyber-criminals cost the global economy $2.9 million every minute in 2018, which became a total of $1.5 trillion. 
 
Capital One Financial Corporation has admittedhat they were subjected to a cyber-attack by an outside individual who obtained over 100 million pieces of personal information relating to people who had applied for its credit card products and to Capital One credit card customers. 
 
Capital One claim to have immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The US Justice Dept. hav announced that FBI has arrested the person responsible, suggesting the the breach itsef took place some time before the 19th July when Capital One first realeased the news.
 
A former Seattle technology company software engineer has been arrested on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data. US Attorney Brian T. Moran. is quoted as saying: “Capital One quickly alerted law enforcement to the data theft, allowing the FBI to trace the intrusion,” said US Attorney Moran.  “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.
 
This criminal event has affected approximately 100 million individuals in the United States and approximately 6 million in Canada. No credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, according to Capital One.
 
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
 
Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
 
• Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
 
No bank account numbers or Social Security numbers were compromised, other than:
 
• About 140,000 Social Security numbers of our credit card customers
• About 80,000 linked bank account numbers of our secured credit card customers
 
For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident and the affected individuals will be notified through a variety of channels. The investigation is on-going and CapitalOne says its analysis is subject to change.
 
Almost two years after the breach at Equifax exposed the confidential financial records  of 143m US citizens and four years after the Anthem data encryption debacle allowed hackers access to 80m cutomer records, Capital One's admission comes just a month following discovery of the careless exposure of confidential data by First American .
 
It really does look like the financial services industry has learned nothing about proper data protection practice. 
 
Dept. of Justice:        RiskIQ:
 
You Might Also Read:
 
Banks Are Making It Easy For Hackers:
 
Cyber Attacks On The British Financial Sector Increasing Fast:
 
 
 
« What Is The Dark Web?
5G Networks Expand In The UK »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Superscript

Superscript

Superscript (formerly Digital Risks) is an insurance broker for small businesses, sole-traders, landlords and high-growth tech firms. Our services include Cyber Liability insurance.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Kasada

Kasada

Kasada provides bot detection and mitigation for enterprise web applications. Stop the bots before they reach your site and web applications.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Appdetex

Appdetex

Appdetex is a global leader in securing your brand’s digital footprint. We are a full-service brand protection company in the online and mobile brand protection space.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.