In July, Capital One disclosed a major data breach impacting 100 million people in the US and 6 million in Canada. Information breached included names, addresses, phone numbers, email addresses, dates of birth, and self-reported income, along with 140,000 American social security numbers and 80,000 bank account numbers, according to a statement from Capital One.
The breach occurred due to a cloud firewall configuration vulnerability, which Capital One said it has since fixed. The FBI arrested a former Amazon Web Services (AWS) employee named Paige Thompson as the alleged responsible party. The largest category of information accessed concerned consumers and small businesses that had applied for credit cards between 2005 and 2019, the statement said.
“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” the statement said. “However, we will continue to investigate.”
On Wednesday, court documents obtained by ZDNet revealed that Thompson allegedly stole “multiple terabytes of data” from more than 30 other organizations along with Capital One, including companies and educational institutions. However, much of this data does not appear to contain personally identifiable information, according to the documents.
Financial institutions are increasingly being targeted by advanced attacks, with hackers leveraging sophisticated tactics such as “island hopping,” lateral movement, counter incident response, and fileless malware, Tom Kellermann, chief cybersecurity officer at Carbon Black, said in a press email.
“The modern bank heist is now in cyberspace,” Kellermann added.
No credit card account numbers or log-in credentials were compromised in the Capital One breach, according to the bank. But in the wake of the breach, customers of Capital One and those with corporate accounts at any bank should still do the following to stay safe:
1. Check your accounts. Examine your credit card and banking statements, and report any fraud or suspicious activity immediately.
“With a corporate account, you may have many employees using company credit cards and making transactions out of that account on a regular basis, so it’s important to closely monitor activity and make sure all charges are legitimate,” Sara Rathner, a credit cards expert at NerdWallet, told TechRepublic. “If something seems suspicious, ask around. Notify the bank or credit card issuer ASAP if there’s a fraudulent charge.”
2. Freeze your credit. Doing so means that no one can access your credit reports without your permission, preventing anyone from taking out a loan in your name.
3. Sign up for a credit monitoring service, and check your credit reports at least once per quarter.
4. Sign up for security alerts from your bank.
5. Secure your cloud infrastructures, and the data they hold. As more financial companies become cloud-forward, they need to be taking steps to keep the cloud secure, Kellermann said.
“The challenge with cloud environments like AWS and others is their dynamic nature compared to traditional data centers, yet companies need the same level of security controls in the cloud. This may not have been the case in the Capital One breach,” Sameer Malhotra, CEO of TrueFort Inc., told TechRepublic. “Companies need to be able to monitor cloud workloads for suspicious activity. This breach will place more pressure on cloud providers to provide more security monitoring, especially around behaviors of cloud applications. In this case, the application was connecting to a Tor instance, which is clearly not a ‘normal’ behavior. With the right controls, this could have been detected and investigated.”
6. Be on the lookout for phishing emails and scams in the coming months. Don’t respond to emails or calls from creditors. If data was stolen and sold, victims can expect a wave of sophisticated spear phishing attacks, Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, said in a press email.
7. Educate employees on what phishing emails look like, so they don’t accidentally give away company banking information, Rathner said.
8. Account for all threat vectors. Thompson, who was arrested for allegedly causing the breach, previously worked at Amazon as an engineer for the same server business that supported Capital One.
“Modern threats can come from all domains, including former employees, partners or contractors,” Kellermann said. “A business needs to consider all the potential risks and work to gain visibility across the business into where potential weaknesses exist.”
9. For SMBs, keep your business finances separate from your personal accounts. “Not only does that help you stay organized, but it also means if your business accounts are hacked, hopefully your personal accounts are okay, and vice versa,” Rathner said.
10. Consider investing in business crime insurance, which can help protect your business when money is fraudulently withdrawn from your account, Rathner said.
This article was updated on August 15, 2019 with information about the new allegations.