The Technical Side of The Capital One AWS Security Breach

On July 19th, 2019 Capital One got the red flag that every modern company hopes to avoid - their data had been breached. Over 106 million people affected. 140,000 Social Security numbers. 80,000 bank account numbers. 1,000,000 Social Insurance Numbers. Pretty messy right?

Unfortunately, the 19th wasn't when the breach occurred. It turns out that Paige Thompson, aka Erratic, had done the deed between March 22nd and March 23rd 2019. So almost 4 months earlier. In fact, it took an external tip for Capital One to realize something had happened.

Though the former Amazon employee has been arrested and is facing $250k in fines and 5 years in prison...it's left a lot of residual negativity. Why? Because of many of the companies who've suffered data breaches try to brush off the responsibility of hardening their infrastructures and applications to the increased cyber crime.


Comments

Be the first to comment !



Related Posts


2 months ago

Abusing Predictable S3 Bucket Names

A common practice in AWS is to use files in an S3 bucket that is also located in the region. Some..

2 months, 1 week ago

Rhinosecuritylabs/Cloudgoat

Cloudgoat is Rhino Security Labs' "Vulnerable by Design" AWS Deployment Tool

..

3 months ago

HTTP Security Headers - A Complete Guide

A description of each security header, why it is important, and how to configure your website in ..

PAUL FLAHIVE , 2 months, 3 weeks ago

How COBOL Still Powers The Global Economy At 60 Years Old

Estimates as high as 80% of financial transactions use common business-oriented language or COBOL..

3 months ago

Why AWS Eventbridge Changes Everything..

AWS EventBridge may encourage SaaS businesses to formally define and manage public event models t..

-->