Capital One discloses data breach affecting millions of customers

Capital One discloses data breach affecting millions of customers



and now to the big story the morning melissa the details on the hack and this is a developing story this morning Capital One disclosing a massive data breach that affects approximately 100 million US customers and six million in Canada the company says 140,000 social security numbers 80,000 bank accounts and 1 million Canadian social Social Insurance numbers were compromised but it also says the largest category of data that was exposed was from credit card applications including names addresses phone numbers states of birth and self-reported income the hacker also access customer status status such as payment history credit scores and credit limits Capital One says the breach occurred in late March the hacker is believed to have access information through a misconfigured firewall the left a cloud server vulnerable Court records show the FBI arrested a suspect Paige Thompson The Wall Street Journal reporting that she's a former engineer at Amazon Web Services authorities alleged Thompson posted some data on github and a private chat page Capital One says it will offer free credit monitoring to those affected in the breach will cost it up to 150 million dollars you talk about this for a second because to me there's multiple issues going on here but the one company will come you mentioned it in passing is AWS in all of this Amazon you saw a statement come out obviously from Capital One where is Amazon than this and what does this mean at a time when everybody's moving to the cloud Capital One's been very aggressive but moving to the cloud when when we talk about a firewall that was misconfigured misconfigured on whose end assuming that and from the reporting it suggests that this is me that that all this information was sitting on an amazon server on an AWS server so does this become a larger story about AWS I mean I think that's an interesting question to pose she is a former WS employee she's a former AWS employee the data was sitting on an AWS server unless I'm lost my mind I would say okay does she know something about the way these servers with clients there's no she it was honestly AWS server and I they didn't look it to see whether I had done this I can tell you that much you need some serious expertise to be able right to be able to do this and she's got I guess years he's been working at AWS even though she's you know fairly young 33 but she's a person that obviously knew the workings of that and I I mean it's I read that they put up a flimsy firewall on its I'm trying to understand is that a flimsy firewall on that yes has just got the the place where it is right I don't know whether they're culpable the question that's but that's my question my questions were were focused on the Capital One stock sure and my larger question is on a day like today is AWS gonna have to send out letters and emails and notes to AWS clients saying your information safe we have nothing to do with this or we're looking into it or what I think that's probably I mean I think it's Capital One at this point it just seems like I mean everybody has access to using AWS including the government and once you have access to it then it's your responsibility to get to maintain security and hire one of our CNBC 50 disrupter the are given all of our disruptors do this that everybody argument about using a service like a no BW s or a Google cloud or Microsoft Azure is that the security component for the most part is being taken care of by the cloud service the idea is for so many years people said we don't want to have to have our security guys though access through capital line and that's the funniest way which is which is what the report seems to indicate that she had access a firewall maintained by Capital One financial and not by Amazon Web service right so this is what I would love to know more information I'd like I know I'd like to see the actual dots connected between what's happened and someone who said oh my God look what happened to me did we ever at Marriott see a person that said look what happened to me because of this do we ever hear that or it's just they have it nothing's ever happened to the data that they got that what happens to the data we don't happen for years could be identity 3 years from now exactly and you do you link it back to that capital one financial breach what's your what's in your wall right everybody's in your I mean the issue is on the quote-unquote dark web you can now buy social security numbers you can buy fingerprints do you know about this there are people selling fingerprints online buy anything and if you were in five years now if you could somehow a massive database of fingerprints social security I'm just you know we had clear in here yesterday who just did this deal with United you know they're taking biometric data I know they're very cautious and protective and say that their privacy is the issue for them but if you could collect up enough of this stuff even if it's not used tomorrow but you calculate and gather various points of data from various right places on one person Andrew Ross Sorkin yep don't give any badges but can you buy by with digital currency to course you can write all anonymous like even better eponymously that that too you

21 thoughts on “Capital One discloses data breach affecting millions of customers

  1. AWS is not secure and they lack IT Governance. The Firewall was misconfiguration by insiders and client data was stolen. No one should be moving critical services to these cloud providers.

    Technical people know that Cloud is not secure.

  2. All ways white people stilling y'all stol the black people in maxican s land now y'all wanna take the cards go back to the UK

  3. What is safe ? A PC with 10hdd making backup of each other IN you home ? Or something on the cloud in outside country ? Outside mean everyone can access or try to access. At home, no one else go in ! simple.

  4. Capitol One Non-Hack
    https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

    Freemasons order a fake cyberintrusion on March 22 (3/22 or 22/3), which is 129 days (4 mo. 7 days) from 7/29 when the news was announced, as well as 142 days (4 mo. 20 days or 20 wks. 2 days) before 8/11. The news came on the 210th day of the year with 155 days remaining, and date numerologies of 75, 55, 48, and 30. This article was written by Rob McLean about Capitol One, based in McLean, Va. Rob, Bank, Capone . . . get it?

    capitol one hack on march 22, 2019 = 297 (KFW Kabbalah)
    masonic = 223 (Jewish), the 48th prime no.
    march twenty-second = 210 (O)
    masonry = 210 (Franc Baconis)
    freemasonic ritual hack = 210 (LCH Kabbalah)
    freemasonry = 155 (ALW Kabbalah)
    masonic ritual = 155 (O)

    march twenty-second = 75 (R)
    hacking = 75 (ALW Kabbalah)
    mason = 75 (LCH Kabbalah)
    masonry = 75 (ALW Kabbalah)
    cyberintrusion = 75 (R)
    march 22 and 23 = 55 (RR)
    march 22 = 55 (ALW Kabbalah)
    capitol one hack on march 22, 2019 = 257 (ALW Kabbalah), the 55th prime no.
    mclean = 48 (O)
    mason = 48 (ALW Kabbalah)
    freemason = 48 (RR)
    march 23 = 48 (O, KFW Kabbalah)), 30 (R)
    cof = 48 (Franc Baconis), 30 (KFW Kabbalah)
    march twenty-third = 223 (RO), the 48th prime no.
    capitol one hack on march 22, 2019 = 113 (R), the 30th prime no.
    capitol = 113 (RO), the 30th prime no.
    cybertheft = 113 (LCH Kabbalah), the 30th prime no.

    capitol one financial corp. = 129 (RR)
    paige thompson = 129 (LCH Kabbalah)
    capitol one = 47 (R)
    one = 47 (RO, LCH Kabbalah)
    march 22 = 47 (O, KFW Kabbalah)

    capitol one = 142 (ALW Kabbalah)
    mclean, virginia = 142 (LCH Kabbalah)
    mclean, va = 142 (Franc Baconis)
    march twenty-second = 420 (Franc Baconis)
    march twenty-second = 202 (KFW Kabbalah)
    hack = 22 (RR, Jewish)
    capitol one = 220 (Franc Baconis)
    ms. paige thompson = 220 (ALW Kabbalah)
    one hundred million = 222 (ALW Kabbalah)

    ms. thompson = 118 (RO)
    cyberintrusion = 1108 (Jewish)
    one of the biggest data breaches ever = 141 (R), prime no. of 811

  5. Amazon is the cloud hosting service which is nothing more than an AWS instance. The services have to be configured and hardened per the Capital Ones security policies. Sounds like this former employee new where the vulnerabilities were and found her way to the data.

  6. I'm tired of this sh%t, if my data was stolen…? I'm sueing and not for $125.00 Better break out the check book. If my data was leaked.. stolen , even if it hasn't bn used yet. I'm sueing them. I'm done with this.

  7. wait a second, this happened in MARCH?????? and they are telling us THREE MONTHS LATER???? FOR 3 MONTHS they KNEW my information was in the hands of a HACKER and THEY SAID NOTHING???? WT F>?

  8. reading forums RE this topic yesterday my speculations are – she worked at AWS S3 since back in 2016, I'm guessing she got internally many AWS tech guidance notices – oh if our customers have this configured it's a problem, " if they ask tell them to do this to fix it", and instead she tucked that info away as a way to get into the files she had no proper access to, and configured a way around the AWS firewall and has been downloading files since 2016, at some point she quit or was fired (or Amazon was allowed to fire her to look like they are on top of this) , I'd guess she has been downloading files from slightly mis configured AWS S3 customers the entire time and managed to get a chunk of the file in the clear, most of what she had was still encrypted, I'm guessing an unencrypted chunk of data was uploaded from a work or temp file, from when someone inside of Capital one was using the back end to run legitimate queries and the system created a database file for that query and it was created on the S3 she had erroneous access to as a temp file, she had a process waiting around for new files to be created and triggered a download. Decryption of files is hard no reason she would have access to the encryption code, letting the system work against itself is much easier.

  9. He might be making himself liable. That is almost like saying that a drunk driver used to work for a car manufacturer and that somehow they too are responsible for the drunk driver.

  10. I have a solution hold the banks 🏦 or Equifax and other accountable for the breach in security by having them monitoring your your accounts
    For free and every time you get breach ten thousand dollars 💵 goes to your account.
    I bet you this problem will stop 🛑.

    There’s no incentive for them to do anything don’t you agree.

Leave a Reply

Your email address will not be published. Required fields are marked *