Capital One Data Breach Information
What happened?
It is all too timely in light of the recent settlement talks of the 2017 Equifax breach, that it was disclosed this morning that Capital One has suffered a data breach. Between March 22nd and 23rd, 2019, a software engineer was able to access information to more than 100 million Capital One customers in the US and Canada. Those affected include anyone who obtained one of the company’s credit cards dating back to 2005. Information taken during the breach includes the data Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income as well as limited Social Security Numbers and linked bank account numbers. The culprit, Paige Thompson, a former Amazon Web Services (AWS) employee, was arrested by the FBI yesterday and has been charged with a single count of computer fraud and abuse after internet posts of the data theft were linked back to her.
Capital One, like many organizations today, use all cloud or cloud hybrid environments to support businesses and to stay relevant and competitive. This breach involved a hosted service through AWS and Ms. Paige was able to take advantage of a misconfiguration in a web application firewall to access the data on the backend. Capital One is no stranger to breaches as they have suffered from past incidents in 2014 and 2017 at the hands of former employees.
What does this mean for you and what is Capital One doing about this?
Capital One will be reaching out to affected customers and they will be offering credit monitoring and identity protection services. If you don’t already have this in place, it is highly recommended you take advantage of this.
Monitor your credit cards and bank accounts for suspicious activity and report this to the associated bank as soon as possible. Refer to the Federal Trade Commission’s Identity Theft: A Recovery Plan booklet for assistance and step by step instructions on how to monitor your credit, obtain free copies of your credit report and, if necessary, place freezes on your credit.
How could this impact you?
Whenever data breaches like this occur, scams will likely increase. As always, please:
- Do not respond or provide information to unsolicited phone calls or emails
- Visit a legitimate website to retrieve contact information for any company you are trying to reach
- Never provide sensitive information to a person you do not know, to a company that you are unfamiliar with or to a “friend” that you have never met in person or just recently met online
Archives
- October 2024
- September 2024
- August 2024
- July 2024
- April 2024
- February 2024
- December 2023
- October 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- November 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- December 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019