Capital One Data Breach: Exposed Credit Info Affects Millions

Financial institutions have always been haunted by data breaches. They are not only a constant but also an expensive threat to the industry.

According to the 2018 Norton Lifelock Cyber Safety Insights Report, cybercriminals have stolen an estimated $11.3 billion through data breaches in the past 12 months.

Recently, the third-largest credit card issuer in the United States, Capital One, faced one of the most horrifying data breaches in the financial industry. The news of the breach came only a few days after the Equifax breach settlement and left many issues to ponder. The Capital One data breach proved once again that not only organizations but also consumers should actively take steps to monitor their crucial information.

Capital One Data Breach - What exactly happened?

Capital One, in one of its recent announcements, reported that the personal information of more than 106 million of its customers was hacked. Information including credit card scores, balances, ZIP codes, email addresses, dates of birth, self-reported income and payment history, fragments of transaction data, social security numbers of about 140,000 customers, and 80,000 bank account numbers from the credit cards of customers was reportedly stolen by a hacker in March.

According to the officials, the breach reportedly took place on March 22nd and March 23rd, 2019 and was detected on July 19th.

According to the revelations by Capital One authorities, around 100 million people in the US and 6 million in Canada may have been affected by this hack. The ones who got affected the most by this data breach include consumers and small businesses who applied for Capital One credit cards from 2005 through early 2019.

The company is still not sure whether the data has been misused by cyber-criminals after the incident. In response, the company assured that it will notify its customers and new credit card applicants about the breach. A former Amazon Web Services employee named Paige A. Thompson has been accused of being the mastermind behind the incident and was charged by the U.S. District Court in Seattle. Paige was later arrested after reportedly boasting about her involvement in the breach online and may face a sentence of up to 5 years in prison.

Exposure of data that has a minimal chance of being changed, such as social security numbers, is the indicator of a particularly severe data breach, and that is what happened in this case. According to the Attorney General of New York, Letitia James, the hack took place because essential safeguards were found to be missing from Capital One's system. On the positive side, social security and account numbers were tokenized to protect them from misuse by potential hackers. The numbers were replaced by tokens that were unique and couldn't be used by anyone except Capital One, while the real numbers were stored somewhere else.
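The tokenization described above, as an added example that is not Capital One's code and not from the original article. It assumes a vault-style design; the `TokenVault` class, the field names and the sample record are constructed for illustration.

```python
import secrets

class TokenVault:
    """Hypothetical vault, kept apart from the application data store."""
    def __init__(self):
        self._by_token = {}   # token -> real value
        self._by_value = {}   # real value -> token (one token per value)

    def tokenize(self, value):
        if value in self._by_value:
            return self._by_value[value]
        token = "tok_" + secrets.token_hex(8)
        while token in self._by_token:      # keep tokens unique
            token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token):
        # Only a party holding the vault can map a token back.
        return self._by_token[token]

# Assumption: the fields the article says were tokenized.
SENSITIVE_FIELDS = ("ssn", "account_number")

def tokenize_record(record, vault):
    """Return a copy of record with sensitive fields replaced by tokens."""
    out = dict(record)
    for field in SENSITIVE_FIELDS:
        if out.get(field):
            out[field] = vault.tokenize(out[field])
    return out

def exposed_values(stolen_record, original_record):
    """Field names whose real value is readable in a stolen copy."""
    return {k for k, v in stolen_record.items() if v == original_record.get(k)}

# Constructed sample record, not real data.
SAMPLE = {"name": "Jane Doe", "zip": "98101", "dob": "1980-01-01",
          "ssn": "000-00-0000", "account_number": "0000111122"}

if __name__ == "__main__":
    vault = TokenVault()
    stored = tokenize_record(SAMPLE, vault)
    print(stored)
    # What a thief sees if the application data is copied without the vault:
    print(sorted(exposed_values(stored, SAMPLE)))
```

The tokenized fields are useless without the vault, but every other field in the stolen copy (name, ZIP code, date of birth) is still readable.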

Although Capital One has offered two years of free credit monitoring, privacy experts say that credit monitoring only takes into account changes on a credit report that indicate the use of personal information by someone to open new accounts in your name. However, it does not rule out the possibility of someone taking out a loan in your name. Moreover, the breach victims are likely to receive targeted emails from scammers who may pose as Capital One or some related company.

Capital One later clarified that it will not ask its customers to verify any kind of personal details, such as social security numbers, account information or credit card details, over the phone or via email, and urged its customers to stay alert.

The Capital One data breach is one of the latest in the long list of privacy violations and hacks that are happening across America. Data breaches of this kind not only leave a serious economic impact on customers but also hamper the financial stability of emerging business owners.

Final Thoughts

By adopting a few cybersecurity practices, consumers can minimize or even prevent the impacts of such data breaches. Consumers should regularly monitor their credit card transactions, set up multi-factor authentication, and set up alerts in case of suspicious account activity. Ultimately, the biggest responsibility still lies on the shoulders of the companies that collect consumers' data, and they must roll up their sleeves and take steps to immobilize the threat actors in the first place.

Published on Aug 20, 2019
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others.
