Author Topic: Q&A: What to know about the Capital One data breach  (Read 1217 times)

0 Members and 1 Guest are viewing this topic.

Offline Elderberry

  • TBR Contributor
  • *****
  • Posts: 24,274
Q&A: What to know about the Capital One data breach
« on: July 30, 2019, 09:01:21 pm »
Houston Chronicle By KEN SWEET, FRANK BAJAK and MICHELLE CHAPMAN 7/30/2019

One of the country's biggest credit card issuers, Capital One Financial, is the latest big business to be hit by a data breach, disclosing that roughly 100 million people had some personal information stolen by a hacker.

The alleged hacker, Paige A. Thompson, obtained Social Security and bank account numbers in some instances, as well other information such as names, birthdates, credit scores and self-reported income, the bank said Monday. It said no credit card account numbers or log-in credentials were compromised.

Capital One Financial is just the latest business to suffer a data breach. Only last week Equifax, the credit reporting company, announced a $700 million settlement over its own 2017 data breach that impacted half of the U.S. population. Other companies that have had breaches include the hotel chain Marriott, retail giants Home Depot and Target.

WHAT HAPPENED?

Thompson, 33, who uses the online handle "erratic," allegedly obtained access to Capital One data stored on Amazon's cloud computing platform Amazon Web Services in March. She downloaded the data and stored it on her own servers, according to the complaint.

Thompson was a systems engineer at Amazon Web Services between 2015 and 2016, about three years before the breach took place. The breach went unnoticed by Amazon and Capital One.

Thompson used the anonymous web browser Tor and a Virtual Private Network in extracting the data — typical methods hackers use to try to mask infiltrations — but she later boasted about the hack on Twitter and a chat group on Slack, posting screenshots as evidence of her exploit.

It was only after Thompson began bragging about her feat in a private group chat with other hackers that someone reached out to Capital One to let them know on July 17.

More:https://www.houstonchronicle.com/business/technology/article/Q-A-What-to-know-about-the-Capital-One-data-14256230.php