Join our subscribers
Capital One hacker who stole personal info on 100M arrested
Tuesday, July 30, 2019
Paige A Thompson, 33, "an outside individual", posted on GitHub about the hack, which occurred between 12 March and 17 July. Another GitHub user contacted Capital One and after the financial company confirmed the intrusion and theft, it alerted the FBI on 19 July.
"Reportedly, the intrusion had happened in March but was noticed only upon notification in late July. Given Capital One’s comparatively immense capacity to invest into cybersecurity and the allegedly trivial nature of the vulnerability, such protracted detection timeline is incomprehensibly huge," said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.
"Capital One didn’t report it publicly for nearly two weeks after the breach occurred, until the FBI had arrested someone - something that the ICO has clamped down on in the UK," said Jake Moore, cyber-security specialist at ESET.
Informing the affected customers at the earliest is curicial in protecting them from any future fraud, should the data reach the dark web, he observed.
"Legal ramifications of the breach may be both exorbitant and protracted, including regulatory fines and penalties, individual and class action lawsuits by the victims," Kolochenko added.
Thompson, the perpetrator of this breach, turned out to be a former employee of Amazon Web Services, which was contracted by Capital One, reported Bloomberg. The charging complaint against Thompson cites posts on GitHub in which, using the handle "erratic," she discusses the breach, including the method used to access the data and her plans to distribute it. Read Full Article
TechTalks: A reality check on the role of machine learning in cybersecurity
Dark Reading: FormGet Storage Bucket Leaks Passport Scans, Bank Details
