The hacker behind the breach has been arrested after they bragged about hacking Capital One.
Capital One Financial Corporation, a United States-based bank holding company has suffered a massive data breach in which personal and financial data of over 106 million customers has been accessed and stolen.
Out of 106 million, 100 million customers are US-based while 6 million are from Canada. The data breach took place on March 22nd and 23rd earlier this year but the company identified the incident on July 19, 2019.
According to a press release from the company, the data accessed in the breach includes information on customers who applied for the company’s credit card from 2005 through early 2019. This information includes names, addresses, phone numbers, email addresses, zip/postal codes, dates of birth and self-reported income.
Furthermore, credit scores, payment history, limits, balances and contact information of the company’s credit card users were also accessed by the hacker. Approximately, 140,000 social security numbers of credit card customers and about 80,000 linked bank account numbers of secured credit card customers were also among breached data.
The alleged hacker has been caught
While Capital One’s incident can be considered as one of the largest data breaches in the financial world, the alleged hacker behind the hacking saga has been arrested by authorities.
The US justice department has acknowledged that Paige Adele Thompson (33) was arrested on Monday by the FBI from Seattle and charged with computer fraud and abuse.
Paige Adele Thompson
Thompson who was a software engineer by profession used a Slack channel to brag about the hack and posted a list of files allegedly stolen from Capital One.
According to a statement issued by US attorney, “On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft.”
It is unclear whether the stolen data was misused or shared with anyone else however investigations are underway. If convicted, Thompson will face a maximum sentence of five years in prison and a $250,000 fine.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman, and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
According to resume seen by Heavy, Thompson worked for Amazon a systems engineer in 2015 and 2016. It is worth noting that Capital One’s server was hosted on Amazon Web Services which has been lately making headlines for exposing medical, influencers, social media, personal, financial and military data online.
Steve Armstrong, Regional Director UK, Ireland & South Africa at Bitglass told Hackread that: “Access to cloud data repositories should be controlled by contextual access control as a bare minimum – by first identifying the user, the device and location of access organizations can take policy-based remediation of these types of issues.”
“Furthermore, data-centric controls should be applied – data encryption tied to the data owners key management system would have gone some way to mitigating the risk of plain text data being stolen. By tying this to IaaS posture management to ensure that S3 buckets are secured in line with best practice the risk to the data would have been mitigated.”
In a detailed comment, Adrien Gendre, Chief Solution Architect at Vade Secure answered several questions related to the breach.
Q: So many people were impacted by this breach; should anyone with a Capital One account be worried?
A: “Capital One has already posted a notice within its customer portal, disclosing the breach and saying that they will “notify affected individuals through a variety of channels.” Rather than wait to find out whether you’re among the unlucky 100 million, I would advise proactively changing your Capital One password. And if that same password is used across multiple online accounts, change your password for each of those services. Although passwords weren’t mentioned in the reported list of breached information, it’s better to be safe than sorry.”
“On a positive note, Capital One customers have free access to Credit Wise credit monitoring, which includes alerts for credit-report changes, use of your SSN with a different name or address, or dark web activity associated with your identity. I would pay extra attention to the service in the coming days and weeks, so you’re able to identify and react quickly to any suspicious or fraudulent activity,” said Gendre.
Q: After breaches like this, the company typically sends out disclosure notices. Do you think cybercriminals will take advantage and conduct phishing campaigns around it?
“Phishers love to capitalize on fear and uncertainty—and a breach represents a prime opportunity to strike. Spooked by reports of the breach, consumers may be more inclined to respond to an “urgent” email purporting to be from “Capital One Security”. The email might claim that their account was locked due to suspicious activity and request them to authorities immediately to regain access. Or it could push the customer to sign up for an additional monitoring service or protection that’s only available for limited time because of the breach. Either way, sense of urgency is a hallmark of phishing attacks.”
Q: What should consumers (Capital One customers in particular) do following this breach?
“To avoid being further victimized by the Capital One breach, consider the following advice:
- Change your Capital One password as a precautionary measure. If that same password is used across multiple online accounts, change your password for each of those services. Always use a strong password that is unique for each online account or service.
- Take advantage of the Credit Wise service offered to Capital One customers already to monitor for suspicious or fraudulent activity.
- Be extra vigilant with emails that appear to be coming from Capital One as they might be a phishing attack. Pay attention to the following:
o Many experts point to bad grammar and typos as tell-tale clues of phishing. This advice is outdated. Sophisticated phishing attacks use emails and web pages that are well written and virtually indistinguishable from the real thing.
o The most important element of an email to inspect is the link. Phishers will use look-alike cousin domains, adding words (e.g. CapitalOne-Global.com) or changing spellings (e.g. Capital0ne.com with a zero) so they look deceptively similar to the impersonated brand. They might also create a domain that’s long, complex and encompasses several known domains in an attempt to confuse the recipient.
o Be extra vigilant when checking email from your phone. On mobile devices, the sender’s name is usually displayed but the email address is not. You might get an email on your phone that looks like it’s from “Capital One Security,” but the actual email address it comes from is [email protected] – a technique called visible alias spoofing. The phishers assume that most busy people won’t expand the sender to check the email address carefully.”
