CSTI
    breachThe Cloud Security Era (2010-2019) Daily Briefing Landmark Event

    Capital One's 2019 Breach Exposes Data of Over 100 Million Customers

    Monday, July 29, 2019

    Today, Capital One announces a significant data breach affecting over 100 million individuals in the United States and approximately 6 million in Canada. This alarming incident was discovered on July 19 after a security researcher alerted the company through its Responsible Disclosure Program. The breach stems from a misconfigured web application firewall, which allowed the attacker to exploit vulnerabilities and access sensitive data stored on Amazon Web Services (AWS).

    The exposed data includes personal information such as names, addresses, and credit scores. Notably, around 140,000 Social Security numbers and 80,000 linked bank account numbers are also compromised. Fortunately, no credit card numbers or login credentials were accessed during this breach, which is a small relief amid the extensive fallout. The alleged perpetrator, Paige Thompson, a former AWS employee, has been arrested and charged with computer fraud and abuse. Reports indicate she attempted to share the stolen information online, further complicating the breach's implications.

    This incident raises serious concerns regarding cloud security and the management of sensitive data, particularly in the fintech industry. The vulnerabilities exposed by this breach underscore the need for robust security measures when handling customer information in cloud environments. As organizations increasingly migrate to cloud solutions, understanding and mitigating risks associated with configuration missteps becomes crucial.

    In another notable development, the cybersecurity community continues to grapple with the implications of the GDPR, which aims to enhance data protection and privacy for individuals within the EU. As companies like Capital One face scrutiny over their data handling practices, compliance with regulations like GDPR becomes increasingly critical.

    This morning's breach announcement serves as a stark reminder of the potential risks involved in cloud computing and the importance of prioritizing cybersecurity protocols. Organizations must be vigilant in implementing strong security measures, conducting regular audits, and ensuring that their cloud configurations are secure. The Capital One breach highlights the ongoing challenges in protecting sensitive data in the digital age and underscores the necessity for continuous improvement in cybersecurity practices.

    Sources

    Capital One data breach AWS cloud security CVE