If you’ve been following the news this week, you’ll know that one of the biggest data breaches ever just occurred. Yes, we are talking about the Capital One data breach, which affected more than 100 million Capital One customers’ accounts and credit card applications.
The breach occurred back in March when a software engineer, Paige Thompson, used a vulnerability in the system to access 140,000 Social Security Numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers.
Additionally, information belonging to a number of credit card applicants, such as their names, addresses, credit scores, credit limits, and account balances, has been taken by Thompson, who has since tried to share this information with others online.
How Did This Happen?
Amazon Web Services provides cloud computing services and is used by millions of organizations, from the fastest-growing startups to the largest enterprises, including Capital One, to store information. This means critical information such as credit card application forms from Capital One can be found on Amazon servers, and this gave Thompson the opportunity to access such critical information.
Paige Thompson, a 33-year-old based in Seattle with previous experience as a software engineer for Amazon Web Services, gained access by exploiting a misconfigured web application firewall.
An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. In other words, the application firewall “uses a series of configured policies to determine whether to block or allow communications to or from an app”.
In the online space, Thompson made no effort to disguise her identity. She boasted about the hack on social media as well as on Slack, a chat service often used by businesses for internal communication. She also explained that she used a special command to extract the files from the Capital One directory stored on Amazon’s servers.
How to Know if You Are Affected
Capital One was informed of this breach by a person who saw the information Thompson posted online. The company notified the FBI, who opened an investigation and searched Thompson’s residence earlier this week. She was arrested on Monday.
Since Capital One Financial is one of the world’s largest issuers of credit cards, this breach has affected the personal information of around 106 million people worldwide. In a statement, Capital One announced that they will notify customers whose data has been compromised as well as offer them free credit monitoring and identity theft insurance.
Capital One specifically announced that they will notify these customers by mail only. They will not be calling anyone on their phones. If you receive a phone call stating your Capital One card has been affected, it’s definitely a scam.
What to Do if You Have Been Affected
With so much information being shared online these days, it can be difficult to protect yourself after data breaches such as this one. After all, when you give your personal or private information to companies such as Capital One, you cannot control what happens to your information.
In the meantime, Capital One encourages customers to monitor all their accounts for suspicious activity. Look for unauthorized transactions and payments you do not recognize. If you notice any suspicious activities, call the number on the back of your credit card immediately. You can also change your online banking password for an extra layer of security.
If you want to take extra measures, you can also freeze your credit temporarily. This will ensure no one else can access your credit reports without your permission, so nobody can take out a loan using your name. But keep in mind that this can be inconvenient, as you will have to unfreeze your credit before you apply for a loan or credit card for yourself.
And lastly, take care to avoid online and phone scams. Don’t respond to phone calls or emails from people who claim they are creditors or who state that you’ve been hacked.
On your personal computer, set up strong passwords and multiple layers of protection using software like McAfee Total Protection Antivirus. If a large company like Capital One could be hacked, so can you.
Be sure to check out our guide for How to Recover Following a Data Breach and share it with a friend to make sure they’re informed.
As always, if you have any questions, leave a comment below and we’ll do our best to help.