Capital One Data Breach Exposes Personal Info of Millions

A recent breach of the bank Capital One's data left more than 100 million customers' personal information compromised. The data was stolen by a woman named Paige Thompson but, according to the FBI, had not yet been distributed. It included 140,000 Social Security numbers, 80,000 bank account numbers, and one million Canadian social insurance numbers, which are Canada's version of Social Security numbers.

Thompson is a 33-year-old former Amazon Web Services software engineer - and Amazon Web Services hosted the Capital One data that was breached, as it hosts many companies online. Thompson reportedly took advantage of a misconfigured firewall on a web app that allowed her to communicate directly with the server where the Capital One info was stored and obtain the data. That misconfiguration was found to be a glitch on Capital One's part and Amazon has reported that nothing else in its cloud services was compromised.

She was apprehended after a tipster called Capital One to report that some of their data may have been leaked. Following that tip, the FBI traced her from the hacker Meetup group she organized, called Seattle Warez Kids. The Meetup described itself as a group for "anybody with an appreciation for distributed systems, programming, hacking, cracking."

From there, the FBI found Twitter posts and posts to Slack describing the theft. The posts suggest she wanted to be found, with one private message on Slack saying "I've basically strapped myself with a bomb vest, dropping capital ones dox and admitting it," according to prosecutors.

But while there are reports that Thompson was planning to distribute the information, it doesn't seem like she had done so before she was apprehended.

"Based on our analysis to date," the bank said in a statement, according to The New York Times, "we believe it is unlikely that the information was used for fraud or disseminated by this individual."

The bank also publicly apologized for the hack.

"I am deeply sorry for what has happened," the bank's chief executive, Richard D. Fairbank, said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right."

The banking industry is a large target of cyber criminals, for obvious reasons. And many banks spend hundreds of millions of dollars every year to avoid thefts just like this one. This breach alone is going to cost Capital One $150 million to fix, even though it appears that none of the data was actually compromised. Imagine what it would cost if the data had actually gotten out there.

Ultimately this story - of another data breach of another giant company - exemplifies the fact that even with hundreds of millions of dollars thrown at security, corporations can still be vulnerable in the face of thieves. Or, in this case, a bored tech worker who said herself that she had "nothing better to do."
