It’s one of the largest data thefts yet from a financial institution–the recent security breach from Capital One. The breach compromised over 100 million Capital One customers. How did it happen? And if you are one of those customers, what can you do? Here are some answers.
How the Capital One Security Breach Happened
Capital One and the FBI allege that a 33-year-old software engineer hacked into a server storing customer data of over 100 million people, The suspect, Paige Thompson, is said to have left an online trail, divulging details about the hack across social media.
Thompson gained access to sensitive data through what is being described as a misconfigured firewall on a web application. She reportedly used the software to communicate with the server that Capital One uses for storing information and was then able to access customer data.
Here is an interesting connection: Capital One is a customer of Amazon Web Services. Thompson is a former employee of Amazon, where she worked as an engineer. In her role with Amazon, she obtained knowledge relating to the configuration, deployment, and networking of the technology allegedly used in the breach.
Amazon, however, says it is not responsible nor has suffered any breach relating to the Capital One incident. Amazon Web Services host remote data servers that many companies use to store information, build web applications, or test disaster recovery plans.
Capital One says it “immediately fixed the configuration vulnerability.” It expects the breach to cost up to $150 million. That figure includes paying for monitoring services for affected customers.
Data Hacking Is Becoming More Frequent: Here’s How to Protect Your Info
This isn’t the first security issue for Capital One. In 2017, the company notified customers that an employee may have gained access to months of personal data, including account numbers, telephone numbers, transaction histories, and social security numbers.
These attacks are happening more frequently. Hackers are stealing larger amounts of data. Equifax recently agreed to a $700 million settlement for a similar hacking incident.
Capital One plans to notify those whose data may have been compromised. Notifications will be sent via mail, phone, email, or alerts when customers log into their online accounts.
In the meantime, security experts recommend getting a credit freeze. This can protect you from both fraud and identity theft. A credit freeze restricts access to your credit report, making it harder for thieves to open accounts or lines of credits as the creditor will be alerted to the freeze.
Black Enterprise Guest Author
Connect with the author: Linkedin: linkedin.com/in/o-shea-bowens-52344915; Twiiter: @sirmudbl00d