This is not a recording. There has been another data breach.
Capital One on Monday announced via their Press Room that on July 19, 2019, confidential data of 6 million Canadians and 100 million Americans were compromised, with the statement being released shortly after an arrest was made in connection with the incident by the US Justice Department.
Data points included in the breach are names, addresses and phone numbers of credit applicants, credit scores, limits, balances, payment history, contact information, and the record of 1 million Canadian Social Insurance Numbers.
Canadians specifically targeted were individuals and small businesses applying for credit from 2005 through early 2019.
Capital One continues to investigate, however, they do not believe that the information was used for fraud or disseminated by the perpetrator.
Paige Thompson, 33, a Seattle-based software engineer who goes by the internet handle “erratic” was the individual arrested by the FBI in connection with the hack. Charged with a single count of computer fraud and abuse in U.S. District Court, Thompson faces a fine of $250,000 and up to 5 years in prison.
Attention was drawn to Thompson after a cybersecurity researcher noticed a user “erratic” posting on the web-forum GitHub about having access to Capital One’s servers.
The attack breached Capital One’s cyber defences by exposing a vulnerable misconfiguration in a web application server, which allowed the hacker to view Capital One’s encrypted files.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Capital One is going to notify those affected through a “variety of channels” and will make free credit monitoring and identity protection available.
News of the hack was a punch to the gut of Capital One’s stock performance, with a -4.04% drop as of Monday evening with their analysts forecasting total damages ranging from $100 to $150 million U.S.
Data exfiltration is a serious threat affecting millions of Canadians, and thousands of Canadian businesses with a new major breach being announced seemingly on a weekly basis.
Knowing where your I.T. systems are vulnerable is the first step in strengthening your I.T. security. Contact us today to discuss your cybersecurity posture, and how we can help you fight back and make I.T. easy.
Author: Ryan Black, PC Corp Managed I.T. Services
Image: Getty Images