Close on the heels of the Equifax disaster, we’re experiencing yet another major security incident in the world of personal finance. One of the major credit card issuers, Capital One, was recently hacked.
Capital One Data Breach
Paige Thompson, the accused, broke into a Capital One server and gained access to over 140,000 Social Security Numbers, 1 Million Canadian Social Insurance Numbers and 80,000 Bank account numbers. She also gained access to a massive trove of data containing people’s names, addresses, credit scores, credit limits and balances.
The 33-year-old woman from Seattle worked for a cloud hosting company that Capital One was using. She gained access to the data by breaking through a misconfigured web application firewall. The DOJ confirmed the news of her arrest on Monday. The actual hack occurred on March 22 and 23.
Investigation and arrest
As per this report by CNN, it seems like Thompson failed to tread carefully after her crime.
The criminal complaint against Thompson paints a picture of a less-than-careful suspect. Thompson posted the information on GitHub, using her own name, the complaint says, adding that she also indicated on social media that she had Capital One information.The FBI special agent who investigated Thompson believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.
Capital One’s Response
Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody.
The Chairman and CEO Richard D. Fairbank put out a statement as well:
While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.
The bank expects the hack to cost them anywhere between 100-150 million dollars.
The Pundit’s Mantra
This Capital One data breach further exposes the vulnerability of our private information. Such incidents shine a light on how our information may not be safe. One can only imagine how much of this information will keep floating around the dark web. We should also note here that it took Capital One 3 months to identify the occurrence of this incident.
What precautions do you take to keep your personal information safe? Let us know in the comments section.