Capital One Wrap Up | Long term... persistent... insider threat?

In an incident reminiscent of the Equifax crisis of 2017, Capital One was the victim of a data breach allegedly carried out by Paige Thompson. In this breach, Thompson gained access to the personal information of millions of American and Canadian citizens. Capital One's data was hosted in the cloud on Amazon Web Services (AWS), and it was accessed not by breaking AWS itself but by exploiting a misconfiguration in Capital One's own environment there. Thompson made no effort to hide the breach and gloated about her perceived accomplishments on social media, leaving a trail that led to her inevitable arrest. Authorities arrested Thompson and charged her with computer fraud and abuse.

In 2017, a single security employee's failure to follow through on a security patch led to a breach of Equifax that leaked the personal information of over 147 million Americans. Equifax is still dealing with that breach today, and has agreed to a settlement of up to $700 million in an attempt to make up for the impact this lapse had on Americans. It seems that financial institutions still haven't learned from that incident, and most recently Capital One has fallen victim to a similar failure to take Information Security seriously. The Capital One breach affected roughly 100 million Americans and 6 million Canadians, and included about 140,000 Social Security numbers, 1 million Canadian Social Insurance Numbers and 80,000 bank account numbers. In addition, credit scores and balances, zip codes, email addresses, dates of birth, income and payment histories, and transaction data were all accessed. Capital One tokenizes Social Security and account numbers, which is why only a fraction of those fields were exposed; the rest of the stolen information is still valuable for phishing scams and identity fraud, and can still be used to compromise an individual's security.

With big companies such as Netflix, financial groups such as Liberty Mutual, and even government agencies such as the DoD all using Amazon Web Services (AWS), it's easy to see the importance of properly configuring such services. When security measures are not properly implemented and maintained, the consequences scale with what is at stake: an intrusion at Netflix would be far less severe than one at the Department of Defense. Capital One uses AWS to store its customers' details and information in the cloud. AWS secures the underlying infrastructure, and that infrastructure is generally well safeguarded against intrusion, but AWS cannot protect a customer from misconfigurations or bad practices in the systems the customer builds and runs on top of it; that part of the security responsibility stays with the user. Paige Thompson broke into Capital One's cloud servers rented through AWS by exploiting a misconfiguration in a web application firewall.

Following the breach on March 22nd and 23rd, Thompson, going by the online handle “erratic”, wrote about it on multiple platforms including Twitter, Slack, and GitHub. After exfiltrating Capital One's data, Thompson began uploading the information online, writing, “I wanna get it off my server that’s why Im archiving all of it lol,” in response to a message from another user warning her, “don't go to jail plz”. On the same account, Thompson had posted a veterinarian bill with an address that was linked to her home. On July 17th, an outside party alerted Capital One through its responsible disclosure program that the company's data had been leaked on GitHub. According to the criminal complaint, Thompson also wrote, “I’ve basically strapped myself with a bomb vest. F–king dropping capitol ones dox and admitting it.” At her first court hearing on Monday, July 29th, the judge ordered her held in detention until a further hearing on Thursday, August 1st.

Although credit card account numbers and log-in credentials were not compromised, many American and Canadian citizens still suffer from the leak of their personal information, and time will tell how much of an impact Thompson's actions will have. CEO Richard Fairbank states, “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” but words cannot undo history. Especially now, in a world transitioning ever more rapidly to digital services, big companies and financial institutions need to understand the importance of securing their infrastructure to safeguard customers' information. One person's mistake should never affect 100 million Americans' lives.