Capital One Financial Corporation, a bank holding company, recently disclosed a data breach that affected approximately 100 million individuals in the United States and approximately 6 million in Canada. The company stated that the attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data.
The compromised information included names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction data. However, Capital One clarified that no credit card account numbers or log-in credentials were compromised in the incident.
The FBI charged the suspect, Paige A. Thompson, with computer fraud and abuse. Thompson, who went by the hacker name “erratic”, allegedly exploited a misconfigured firewall to access the Capital One cloud repository and exfiltrate the data in March 2019.
“On July 19, 2019, we determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for credit card products and Capital One credit card customers. This occurred on March 22 and 23, 2019. This type of vulnerability is not specific to the cloud. The elements of infrastructure involved are common to both cloud and on-premises data center environments,” Capital One said in a statement.
“The configuration vulnerability was reported to us by an external security researcher through our Responsible Disclosure Program on July 17, 2019. We then began our own internal investigation, leading to the July 19, 2019, discovery of the incident,” the statement added.
Security researchers stated that phishing and ransomware attacks are the most reported types of cyber-attacks on financial services firms. According to the audit and consulting firm RSM International in the United Kingdom, around 819 cyber incidents were reported by financial services firms to the Financial Conduct Authority (FCA) last year.
RSM said that retail banks were the most frequently affected by cyber-attacks (486 security incidents), followed by wholesale financial markets (115 attacks) and retail investment firms (53 incidents). In 2018, financial firms reported around 93 cyber-attacks, of which half (48 attacks) were phishing attacks, while 20 percent (19 attacks) were ransomware attacks.