Published: Thu, August 01, 2019
Tech | By Constance Martin

How to protect yourself after the Capital One breach

This Monday, July 22, 2019, photo shows Capital One mailing in North Andover, Mass.

It is among the largest security breaches of a major U.S. financial institution on record.

Federal investigators believe this is Paige A. Thompson's Twitter account. Editor's note: Capital One is a financial sponsor of NPR. The agreement includes up to US$425 million in monetary relief to consumers. Capital One said the incident affected approximately 100 million people in the United States and six million in Canada.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

Capital One did not provide immediate comment on the lawsuit.

Even more disturbing, the information accessed included 140,000 Social Security numbers of U.S. customers and 1 million Social Insurance numbers of Canadian customers, along with 80,000 linked bank accounts of secured credit card customers.

The stolen data included personal information, such as names, addresses and dates of birth, as well as the Social Security numbers of 140,000 credit card customers and the linked bank account numbers of 80,000 credit card customers.

Also exposed were customer status data, such as credit limits, scores, balances and payment histories.

A copy of the complaint against Thompson is available here.

Thompson is accused of hacking credit scores, balances, income information and Social Security numbers from a total of 100 million people in the US and 6 million in Canada.

The bank blamed a "configuration vulnerability" exploited by the suspected attacker, but said "this type of vulnerability is not specific to the cloud".

According to prosecutors, she said online that she wanted to distribute the data.

Capital One received this email from tipping it off to the breach, according to the criminal complaint.

In addition to posting software projects and thoughts on technology on social media, Thompson also posted about struggles with mental health and other personal issues on her Twitter account in recent weeks. "That means other people can do things like withdraw money from your accounts, use your credit cards, and even open new bank accounts or credit cards under your name."

At an AWS conference in 2015, Capital One's chief information officer Rob Alexander said that the bank had "worked closely with the Amazon team to develop a security model".

It took Equifax roughly two years to reach a settlement and given Capital One's huge legal resources, we can probably expect any similar agreements (if they occur at all) to take roughly as long. An internet Good Samaritan saw the post and informed Capital One about the data theft.

The company said, once discovered, the vulnerability was immediately addressed.

Thompson allegedly bragged online about the hack, according to court documents.

Thompson, aka "erratic", aka 0xA3A97B6C on Twitter, was suspected of nicking the data, and was collared by the Federal Bureau of Investigation on Monday this week.

Erratic listed only filenames in the Slack channel, and not files themselves.

And Wright says Capital One's case is not like Equifax.

It also didn't take Capital One much time to assess the damage.

Capital One sent investigators this screenshot of Thompson's alleged communications with the tipster.

Bloomberg reports that in court on Monday, Thompson broke down and laid her head on the defense table during the hearing.
