We live in a world of technology and this can work for us or against us. You can purchase items or pay your taxes with just one touch. But you can also lose valuable information and even your finances in the blink of an eye. It can happen to anyone.
One of the best and most recent examples of how technology can adversely affect even the most prepared, is the latest Capital One data breach. If you haven’t heard about it, let us fill you in with all the details.
The personal information of more than 100 million people in US and Canada has been compromised, in what is considered one of the largest data bank thefts ever.
Capital One released a statement on Monday, disclosing that a hacker broke into their server and gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. In addition, people’s names, addresses, balances, credit score and other similar information have also been hacked.
Its gravity relies in the type of financial information that was hacked. This can be used to identify the most creditworthy or wealthy consumers and apply for cards or loans in their names.
According to federal prosecutors, a former software engineer and current hacker, Paige Thompson, breached a server holding Capital One customer information and gained access to extremely sensitive data. The woman used to work for Amazon Web Services, the cloud company hosting Capital One’s breached database.
How it happened
F.B.I. agents investigating the case, explained that Ms. Thompson managed to hack the database through a misconfiguration of a web application’s firewall. This gave her access to Capital One’s credit customer’s account and card applications submitted by customers since 2005 to 20019.
If you hold a Capital Credit card or applied for one in this period of time, your personal data is part of this breach and could already be in the hands of scammers.
According to officials, Thompson did little to cover her tracks and hide her identity. She even bragged on social media about her hacking and apparently tried to share the acquired information, such as social security numbers and full names and dates of birth, with other people online.
How it ended…for now
Paige Thompson was charged with computer fraud and abuse and arrested on Monday. She will remain in custody until her hearing takes place. Based on a search warrant, federal agents searched her house and found “numerous digital devices,” with “items that referenced Capital One” and Amazon, as well as other companies and institutions that may have been targeted for data breaches.
In the meantime, Capital One officials apologized and assured their clients that the problem was discovered, and the configuration vulnerability has been fixed immediately. They couldn’t say for sure if the data was used for fraud or already disseminated but added that this probability is very unlikely.
Capital One also said people affected by the breach will be notified “through various channels” and a two-year free credit monitoring and identity protection will be made available in support of their customers. If you’re one of them, you should hear from Capital One soon enough!