Capital One Financial Corp. confirmed on July 29 that the bank was hacked, and an unauthorized hacker used infrastructure configuration vulnerabilities to access data from more than 100 million North American customers. At the same day, the US Department of Justice announced the 33-year-old suspect Paige Thompson has been arrested.
Thompson, was a software engineer at a Seattle technology company, announced on GitHub that she had stolen user data from Capital One’s servers. One of the GitHub users who saw the data notified Capital One on July 17, and Capital One contacted the FBI immediately after verifying the authenticity of the data. The FBI raided Thompson’s house, seized the device that stored the data, and arrested Thompson.
According to the Ministry of Justice and Capital One, Thompson invaded the Capital One server on March 22 and March 23 this year by using a misconfigured network application firewall.
The statistics shows that most of the information stolen by hackers was credit card application materials from 2005 to 2019 for consumers or small businesses, including credit scores and balances, ZIP codes, email addresses, dates of birth, self-reported income and payments history and fragments of transaction data. In addition, 140,000 Americans’ social security codes, 80,000 bank accounts, and the social security codes of 1 million Canadians have been affected.
In addition to fixing the vulnerability and notifying the affected users, Capital One estimates that the accident will incur additional costs of $150 million to $150 million, including notifying customers, providing credit monitoring, and technical and legal costs.
If you use Capital One, check if your account has been affected and take necessary measures to avoid financial loss. According to security experts, users should never re-use security passwords. They recommend users turn on two-factor authentication on their phones. That will require users to enter a code sent to their phone or email into an app or website so as to log in from a new device or to change a password. If users’ accounts are affected by this kind of hacks, it should freeze their credit report.
Norton 360 with LifeLock helps protect you against identity threats with all-in-one protection. It is a leading in identity theft protection and consumer cybersecurity, backed by one of the world’s largest civilian cyber intelligence networks. It alerts you to potential threats and helps you fix threats effectively. Norton 360 offers solid yet affordable price, starting at $99.99/year.
Published by Emerson L. Sullivan & last updated on August 2, 2019 6:30 am