By Kimberly Connella | July 30, 2019 | 0 Comments
Yesterday evening, Capital One disclosed a massive data breach that exposed the personal and financial information of 100 million people in the U.S. and 6 million in Canada.
The incident was identified on July 19, 2019. The report states that an unauthorized hacker from Seattle allegedly exploited a vulnerability in Capital One’s firewall and stole the information of millions.
The hacker stole 140,000 Social Security numbers and 80,000 linked bank accounts of Capital One customers.
For Canadians, 1 million Social Security numbers were also compromised.
According to Capital One, the hacker accessed the most financial and personal data from small businesses and consumers. Credit card applications from early 2005 to 2019 were breached.
Capital One reported that the hacker accessed “names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.”
“Beyond the credit card application data, the individual also obtained portions of credit card customer data, including customer status data, e.g., credit scores, credit limits, balances, payment history, contact information.”
Capital One assures users that it encrypts data as a standard. However, in a statement they said, because of the nature of this case, “the unauthorized access also enabled the decrypting of the data.”
The hacker originally accessed the data on March 22 and 23 of this year. However, Capital One wasn’t aware of the vulnerability in its firewall until July 17.
They launched an investigation and discovered it on July 19, after being notified.
Capital One reported that they depend on outside ethical security researchers to report vulnerabilities directly to them. However, they didn’t find it until months after the breach had occurred.
The credit giant announced it expects this data breach to cost at least $100 to $150 million in losses.
As of last night, Capital One’s stock is down a little over 1%.
This unsettling news comes just a day after the terms of Equifax’s settlement for a 2017 data breach went public.
The FTC just fined Equifax $425 million after their breach to compensate customers.
The Equifax data breach affected 147 million customers, including 19,000 Canadians.
Unfortunately, Canadians were not included among those eligible for compensation.
As the data breach unfolds and lawsuits inevitably follow, it will be of interest to see if this case will be the same for the 1 million Canadians who had their Social Security numbers stolen.
Alarmingly, the Equifax breach should’ve been a warning to other credit giants: the massive amount of financial information you store is valuable and under attack—secure it.
However, it’s clear from the multiple massive data breaches that have occurred since 2017 that other corporations have not taken caution to Equifax’s, and now Capital One’s, cautionary tales.
The hacker exploited an existing vulnerability in Capital One’s firewall.
Despite claiming to invest heavily in cyber security precautions, it didn’t become aware of a data breach that affected millions of individuals until months after.
Even then, it was notified by an outside source and not its internal cyber security team.
Unfortunately, to stop these massive data breaches from occurring, companies must start protecting the growing amount of data they collect. This includes firewall vulnerability scanning.
Regardless of size, companies must use internal resources or outside cyber security organizations to assess their risks. As the hacking industry becomes more profitable, it becomes more important to assess the vulnerabilities in your firewall.
aNetworks, Inc. offers a free cyber security assessment tool that runs tests on your firewall to discover any vulnerabilities. We work with you to find them and patch them before a hacker can exploit them.
Finally, going forward, businesses of all sizes need to set new cyber security standards and meet them. Otherwise, massive data breaches like these will continue to affect consumers and businesses alike.