





4





4 Shares

Once again, a huge data breach incident has impacted millions of customers. The US-based bank holding firm Capital One Financial Corporation has disclosed a massive cybersecurity incident affecting its customers. Reportedly, the Capital One data breach exposed information of around 100 million US citizens and 6 million Canadian citizens.

Capital One Disclosed Data Breach

As revealed in the security notice, the perpetrator hacked into the firm’s system and pilfered user records. The Capital One data breach affected 100 million US and 6 million Canadian citizens.

The firm noticed unauthorized access to its customers’ data on July 19, 2019. As stated in their notice,

It determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

Upon investigating the matter, the firm confirmed the data breach. The incident occurred due to a configuration vulnerability that allowed the attacker to exploit and gain access to the database.

The firm stated in its notice:

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.

The breached information primarily comprises of customers’ personal details that the firm collects upon receiving credit card applications. This includes customers’ names, contact numbers, email addresses, physical addresses, birth dates and income. It also includes part of data of some credit card customers.

The individual also obtained portions of credit card customer data, including:

Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information.

Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.

In general, the breach did not affect bank accounts and Social Security numbers. However, some exceptions were there. As the notice reads,

About 140,000 Social Security numbers of our credit card customers.

About 80,000 linked bank account numbers of our secured credit card customers.

Whereas, the Social Security numbers of around 1 million Canadian customers were also breached.

The Suspect Has Been Arrested

Upon noticing the breach, Capital One fixed the vulnerability and involved federal law enforcement to pursue the matter. It turns out that the FBI has arrested the suspect identified as Paige Thompson. As announced by the US Attorney’s Office for the Western District of Washington, Thompson is a former employee of a Seattle technology firm.

The suspect was arrested based on the type of information she later posted on Github.

According to the criminal complaint, THOMPSON posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data. The intrusion occurred through a misconfigured web application firewall that enabled access to the data… Cyber investigators were able to identify THOMPSON as the person who was posting about the data theft.

For now, the suspect is under arrest. Whereas, the officers have also obtained and seized electronic storage devices containing copies of the breached data from her residence.

If proven guilty, the suspect may receive a $250,000 fine and 5 years in prison for computer fraud and abuse.

Let us know your thoughts in the comments.