On Monday, a massive data breach of Capital One has exposed the personal information of approximately 100 million. After a former Amazon employee stole credit card application data, including about 80,000 bank account numbers and 140,000 Social Security numbers. The Virginis-Headquartered bank said in a news release that all these bank accounts, social security number, and one million Canadian Social Insurance numbers were compromised.
Additional information like names, addresses, phone numbers, credit scores, and credit limits was also exposed. On the whole, Capital One said that 100 million people in the US and almost 6 million in Canada were affected by this event. However, no credit card account numbers or log-in credentials were exposed and over 99% of Social Security numbers were not affected, according to the bank, which said the unauthorized access occurred on March 22 and 23 of this year.
Federal authorities have arrested a suspect, Paige A. Thompson, who was charged with computer fraud and abuse, over the hack. They explained Thompson, who had previously worked for Amazon Web Services, stole the data from the bank’s credit card applications in March,as per the Bloomberg. Amazon handles Capital One’s cloud database. Capital One came to know about the data breach on Monday evening.
According to the court documents, Thompson worked for a cloud computing company that was contracted by Capital One. That company was identified as Amazon Web Services, which handles a massive amount of internet traffic. Furthermore, an Amazon spokesperson told that Thompson had not worked for the company for about three years. The vulnerability which Thompson exploited to gain access to the data came from a misconfiguration of a web application on Capital One’s side.
Amazon system was not compromised and they worked exactly the same. But its is still unclear whether Thompson has used the knowledge gained from her time at Amazon to access the system or not. Capital One describes the hacker as a highly sophisticated individual who was able to breach through a specific configuration vulnerability in our infrastructure.
The company also added that it addressed the vulnerability after discovering it, and that much but not all of the data was encrypted. Because Thompson has the access system, therefore, she was able to decrypt some of the data. She has been also accused of exfiltrating and stealing information, including credit card applications and other documents from the capital one. Other compromised data included credit scores, credit limits, balance, and payment information. About a million Canadian Social Insurance numbers were also compromised.
The criminal complaint alleged that Thompson posted the stolen data online on information sharing site GitHub and made statements on social media. Knowing the fact that she has information on Capital One, and she recognizes she has acted illegally. Thompson made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, 2019,the Department of Justice said.