The news of the Capital One data breach comes just as Equifax paid a $700 million fine for its 2017 incident. And this undoubtedly will have consumers and businesses more on edge about the security of their financial data.
Capital One Data Breach
Even though the perpetrator of this crime was arrested, it wasn’t due to Capital One or the authorities. The theft of the data took place on March 22 and 23, 2019. However, no one knew about it until a tipster warned Capital One its data may have been leaked. This was on July 17, almost four months after the fact.
This further highlights the need for everyone to keep an eye on their financial records on a regular basis.
You can set aside five minutes a week to go through your records to make sure your data hasn’t been compromised. Those five minutes will save a lot of headaches, which can last for months or even years if someone steals your information and destroys your credit.
As this case clearly points out, you can’t depend on these companies to monitor your data at all times. After all, they have hundreds of thousands or even millions of customers around the world. You are the only one that can give your data the attention it deserves.
The best you can hope for is for a quick reaction once an organization finds out. And in the case of Capital One that is exactly what it did.
So, What Happened?
As the Justice Department says in the release, these are just allegations and a person is innocent until proven guilty.
According to the Justice Department, a Seattle tech worker named Paige A. Thompson (aka erratic) posted about the theft of information from Capital One on GitHub. On July 17, 2019, a user saw the post and alerted Capital One through its Responsible Disclosure Program.
Capital One verified the information on July 19, 2019, and alerted the FBI. The FBI was then able to identify Thompson as the person who posted the content. Agents then executed a warrant at her residence and seized devices that contained a copy of the data.
Thompson was able to exploit a misconfigured web application firewall that enabled access to the data.
For its part, Capital One says, “We immediately addressed the configuration vulnerability and verified there are no other instances in our environment. Among other things, we also augmented our routine automated scanning to look for this issue on a continuous basis.”
If guilty, Thompson can face up to five years in prison along with a $250,000 fine.
The Stolen Data
Capital One says the victims in this crime total 100 million individuals in the U.S. and another 6 million in Canada.
The majority of the information comes from consumers and small businesses who applied for credit card products from 2005 through early 2019. The information includes names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
Thompson also allegedly obtained portions of credit card customer data; customer status data such as credit scores, credit limits, balances, payment history, contact information; and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
The company goes on to say this didn’t affect bank account or Social Security numbers. However, it did affect around 140,000 Social Security numbers of its credit card customers and roughly 80,000 linked bank account numbers of its secured credit card customers.
In Canada, 1 million social insurance numbers were stolen.
Capital One will notify all affected individuals and make free credit monitoring and identity protection available to them.
In the end, Capital One says this incident will end up costing the company anywhere from $100 to $150 million in 2019.
You Have to be Proactive
The threat to all financial institutions is a relentless attack which takes place 24/7/365. And eventually, people will break through.
Before this happens, you have to take matters into your own hands. This means being proactive in the protection of your digital data. Monitor your credit report with all three agencies, update the software on your computing device with the latest version, and change your passwords on a regular basis.
These are just a few of the things you can do, but if you want to take additional measures, the Federal Trade Commission has a guide you can follow.