The US bank Capital One has just identified a breach in its systems that allowed a hacker to access the personal information of approximately 100 million customers, including credit card holders and applicants. The unauthorized access, which occurred at the end of March this year, became known after the FBI arrested a woman in the Seattle (Washington) metropolitan area accused of bank fraud.
Capital One is the fifth largest issuer of credit cards in the United States. It also operates in Canada, where six million accounts were exposed. The entity explains that a person outside the bank had non-authority access to their network. The financial group ensures, in any case, that the hacker did not steal credit card numbers or credentials needed to connect to the accounts.
The hacker, who worked as an engineer for Amazon Web Services, used a vulnerability on the Capital One server. The data obtained illegally include names, addresses, phone numbers, email addresses, birth dates and income. In some cases he also stole the tax identification number as well as the payment history, bank account numbers and the balance. It is believed unlikely to have been used.
The hacker was identified as Paige Thompson, 33 years old, and on the networks he was known as "erratic". The bank assures that the problem in its data management system, which is supported by AWS, was immediately solved although it anticipates that it will have a financial impact of up to 150 million dollars (134 million euros), due to the changes in the protocols security to avoid a similar case, notifications to customers exposed to the ruling and legal costs.
Capital One shares fell about 5% at the opening of Wall Street. The bank explained that it detected the intrusion into its servers thanks to someone alerting them that data was circulating on the GitHub platform and on a Slack channel. Thompson was boasting on social media that he had been able to penetrate the entity's system and forced him to admit the ruling.
This is one of the most serious incidents of this type and it is known a few days after the Equifax credit solvency service was sanctioned with 700 million dollars for exposing the private data of almost 150 million customers. The vulnerability in their databases was detected two years ago and the scandal forced the resignation of its executive president, Richard Smith.
Equifax had 820 million customers worldwide and more than 90 million companies at the time of hacking. The interference in their databases occurred between the months of May and July 2017. It was detected on July 29 but was not made public until September 7 of that year. It was a critical moment for the Atlanta-based company.
. (tagsToTranslate) steal (t) data (t) 100 million (t) customer (t) bank (t) capital one (t) hacker (t) arrest (t) seattle (t) access (t) information (t) personal (t) cardholder (t) applicant (t) credit card (t)