Capital One happens to be one of the largest credit card issuers in the U.S., with millions of customers and proof of their stock prices steadily growing in the past year. However, on Monday, Capital One revealed that they had suffered from a data breach which affected tens of millions of their customers in the U.S. and Canada. In the past day, their stocks have slid over 5 percent.
Finding a Configuration Vulnerability
According to the company, someone found a “configuration vulnerability,” which allowed them to access Capital One’s customer data. The individual managed to look at personal information (collected by Capital One when the customer applied for a credit card) of about 100 million people in the U.S. and nearly 6 million people in Canada.
Most of the data was information such as names, addresses, phone numbers, and reported income from those who had applied between 2005 through 2019. The culprit also managed to access credit status data, credit scores, balances, payment history, and transaction history. Around 140,000 social security numbers and 80,000 linked bank account numbers were also accessed.
The breach was immediately reported to federal law enforcement, and the FBI has allegedly arrested the person responsible, identified in court documents as Paige Thompson [1], a software engineer from Seattle. According to a statement by Capital One, they don’t believe that the information was used for fraud or was distributed by the individual, but they will continue to work with the FBI.
Bigger Picture
Wall Street analysts have been busy speculating what the repercussions of the hack will be, not just for Capital One, but for other businesses too. “As one of the largest-ever data breaches and on the back of GDPR, we believe this event could bring additional focus/attention/spending to the security landscape,” Matthew Hedberg, an analyst at RBC Capital Markets, said on Tuesday.
Capital One has worked hard to keep their security high, trusting Amazon Web Services to store their information on their cloud server. Unfortunately, even with some of the best security, the company still suffered a significant hack. “Capital One has invested heavily with AWS and security over the years, and we wonder,” said Hedberg, “if they are subject to a breach of this magnitude, how other companies that aren’t as dedicated to securing their cloud-based infrastructure may fare.” [2]
Capital One has stated that they will be notifying the individuals who were affected by the hack as well as offering free credit monitoring and identity protection to everyone affected.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Notes:
- ^“The Morning After: FBI arrests woman for massive Capital One hack.” Engadget, 30 July 2019, www.engadget.com/2019/07/30/the-morning-after. (go back ↩)
- ^Strauss, Daniel. “Capital One sinks after revealing a hack that leaked information on more than 100 million people (COF).” markets.businessinsider.com, 30 July 2019, markets.businessinsider.com/news/stocks/capital-one-stock-price-breach-hack-affecting-100-million-people-2019-7-1028398965. (go back ↩)