In this case, Capital One was the target when an unknown individual gained access to the company's servers.
The breach was detected by an independent security researcher, who contacted Capital One on July 19th. Apparently, the hacker gained access via a server configuration vulnerability.
Upon being made aware of the issue, Capital One addressed it immediately, which cut the hacker off from the data. At this time, it is not believed that the hacker has sold the data he was able to collect, but the investigation is ongoing.
The scope of the data breach reaches 7 million customers
While this breach isn't the largest in American history, the scope and scale are still staggering. More than one million Americans and six million Canadians have been impacted by it. That includes more than a million Canadians that saw their social insurance numbers accessed.
"This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data, including Customer status data, (e.g., credit scores, credit limits, balances, payment history, contact information, and fragments of transaction data) from a total of 23 days during 2016, 2017, and 2018."
In addition to more than a million Canadian social insurance numbers being exposed, the hacker also gained access to some 140,000 American social security numbers and over 80,000 bank account numbers.
If there's a silver lining here, it is the fact that the US Attorney's Office for the Western District of Washington said it had arrested a "former Seattle technology company software engineer" in relation to the breach. If that proves to be true, then they apparently got him before he had time to post and sell the data on the Dark Web.
If you are a Capital One customer, or if you've applied for a Capital One card or loan between 2005 and 2019, know that your data may have been among the records compromised.
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.