Just over a year ago, on July 19, 2019, one of the largest confirmed data breaches in history was identified. The Capital One data hack exposed the personal information of more than 100 million customers and credit applicants in the United States and Canada. The exposed data included names, addresses, phone numbers, self-reported income, credit scores and payment history, as well as the Social Security numbers of more than 100,000 Americans and the Social Insurance numbers of more than one million Canadians.
The breach was allegedly accomplished by a single hacker: a former Amazon Web Services employee named Paige Thompson. Amazon Web Services hosts the database that was breached. According to Capital One, during the transition to cloud-based servers, a “specific configuration vulnerability” occurred. Thompson was then able to take advantage of a misconfigured firewall to access and steal the information of millions of users. The breach was only discovered after a fellow hacker reported Thompson, who had been bragging about the breach in online forums. Thompson was soon thereafter arrested and told authorities that she did not sell or share the data. Thompson is currently in federal custody, awaiting trial on charges of computer fraud and abuse, charges that could see her facing up to five years in prison and a $250,000 fine.
Lawsuits by customers whose data was compromised against Capital One soon followed. A separate lawsuit was also filed against Amazon, alleging that the company “did nothing to fix” the known issue with their cloud-based service that allowed the hacker to gain access to the database. A discovery decision from one of the Capital One lawsuits could have far reaching consequences in the cybersecurity world. A magistrate judge ruled that Capital One must provide the plaintiffs’ attorneys with a third-party response report detailing the circumstances surrounding the breach. In ..
Support the originator by clicking the read the rest link below.
