Financial holdings company Capital One has revealed that it fell victim to an extensive hack attack on March 22 and 23, which saw the perpetrator get access to information about roughly 100 million American and six million Canadian customers.
The hack was discovered on July 19 after an external security researcher reported a potential cybersecurity weakness in Capital One’s digital defences.
While the American company claims no credit card account numbers or logins were obtained in the breach, the attacker went away with information about customers’ credit scores, credit limits, payment histories and contact information. Roughly 140,000 social security numbers and 80,000 linked bank accounts of Capital One’s secured credit card customers were compromised. The business believes none of the information was used to commit fraud.
Capital One has pledged to reach out to those affected and to offer them free credit monitoring and identity protection.
The FBI caught the alleged attacker, Paige A Thompson, who went by the Twitter handle erratic, and raided her apartment on Monday July 29. She is now facing one charge of computer fraud and abuse in US District Court in Seattle. The domestic intelligence and security service revealed that someone using the handle had issued a warning about releasing Capital One’s data about one month prior to the company finding out about the attack.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, chairman and CEO of Capital One. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The cyberattack exploited a specific configuration vulnerability in Capital One’s infrastructure. The company claims to have addressed the configuration as soon as it was discovered and verified there are no other instances in its environment. Among other things, Capital One has augmented its routine automated scanning to look for this issue on a continuous basis.
Copyright © 2018 RegTech Analyst