Cyber Protection Group – Penetration Testing Company
Penetration Testing, Incident Response, PCI Assessments #cybersecurity #infosec #itsecurity
814.799.0274
  • Penetration Testing
  • Business Technology Services
  • Computer Support Services
    • Home Computer Repair
    • Business Computer Repair
    • Remote Support
  • About
  • Contact Us

    Capital One Data Breach

    July 30, 2019
    capital one

    Capital One Data Breach

    Capital One is one of the biggest banks in the United States. So, when the news broke of their data breach yesterday (July 29, 2019) customers and the population in general began to panic. 

     

    What Happened?

    To begin, Capital One released a statement informing customers and the public of a data breach. In the statement, the bank reported that roughly 100 million US customers and 6 million Canadian customers were among the affected in the data breach.

    The customer information at risk includes, “credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income”.

    Continuing, within that range of customers, Capital One said that, (directly quoted)

     

    No bank account numbers or Social Security numbers appear compromised, other than:

    • About 140,000 Social Security numbers of our credit card customers.
    • Around 80,000 linked bank account numbers of our secured credit card customers.

     

    All in all, this is their way of trying to deduce the severity of the breach. 

     

    How did the attack occur?

    After reviewing several articles, and the press release directly from Capital One, here is a break down of how the attack happened.

    Transcribed in Capital One’s press statement, they said that the attack began with, “unauthorized access by an outside individual”. 

    The outside individual has been identified as 33 year old, Paige A. Thompson. Paige Thompson is a software engineer from Seattle, who formerly worked for Amazon on AWS. 

    Thompson was able to utilize a misconfiguration in a firewall to gain access to Capital One customer information. 

    Before the attack, several signs and conversations about her plan appeared on various media platforms. The sites included GitHub, Slack and MeetUp. Posts on the various sites are what had initially pointed law enforcement her way. Thus allowing officials to make the arrest. 

    Further, law enforcement took Thompson into custody on Monday (July 29, 2019). Subsequently, she has been charged with a single count of computer fraud, a maximum sentence of five years in prison and a $250,000 fine as reported by BBC News. 

     

    What does this mean for the affected Capital One Customers?

    In short, within the wake of the breach, Capital One is moving further with an investigation into the attack as well as the security of all their systems.

    As a result, the bank currently notifying all affected account owners. This is in addition to offering free credit monitoring and identity protection to customers. 

    If you are a Capital One card holder or customer, make sure you follow the correct procedure to file a claim and secure your account. 

    Threat actors are taking advantage of the situation by creating malicious websites posing to be a claim site for Capital One. 

     

    To make sure you do not fall victim to additional attacks (while filing a claim or looking for information) keep the next few steps in mind.

    • Check all URLs and links to make sure the site is secure and validated.
    • Look for correct spelling on web pages. Fake ones will have a slightly incorrect spelling in order to still appear in searches.
    • Go directly to the Capital One website for information on press statements and claim procedures.

     

    By Taylor Ritchey

    Post navigation

    Are Electricity Grids Under Attack?
    AT&T Employees Bribed to Unlock Devices and Install Malware

    Free Sample Penetration Testing Report

    Click here to download your free penetration testing report!

    Recent Stories

    • Appalachia Technologies Acquires Cyber Protection Group February 16, 2022
    • United States Improves Critical Infrastructure Security May 19, 2021
    • Hacking Group Stops Oil Pipeline and Breaks 45% of the United States Oil Supply May 10, 2021
    • What is Penetration Testing and Why Do You Need It? May 10, 2021
    • Quick! Update Your iPhone and iPad! May 3, 2021

    Unable to load Tweets

    Follow

    WE'RE SOCIAL!

    Recent News
    • Appalachia Technologies Acquires Cyber Protection Group
    • United States Improves Critical Infrastructure Security
    • Hacking Group Stops Oil Pipeline and Breaks 45% of the United States Oil Supply
    • What is Penetration Testing and Why Do You Need It?
    • Quick! Update Your iPhone and iPad!
    Pages
    • Blog
    • Penetration Testing
    • Security Vulnerabilities
    • Computer Support Services
    • About
    • Contact Us
    • Application and Website Security Testing
    • Wireless Penetration Testing
    • Top Penetration Testing Company at a Low Cost
    • Home Computer Repair
    • Home
    • Business Technology Services
    • Offering Vulnerability Assessments / Penetration Testing for only $3,950
    • Remote Support
    • Sample Penetration Testing Report

    Contact Us

     
    2230 Woodbury Pike, Ste. 1
    Loysburg, PA  16659
    814.799.0274