Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson

If the alleged Capital One hacker also took information from dozens of other companies, as investigators suspect, then Amazon Web Services isn’t aware of it, according to the cloud computing giant. The company outlined its findings in a letter to Sen. Ron Wyden, D-Ore., who had sought more detail on how a reported misconfiguration in Capital One’s AWS server would have made it possible for a single individual to steal information about more than 100 million people. The letter said AWS is not aware of any breaches at other “noteworthy” customers, cautioning that there “may have been small numbers of these that haven’t been escalated to us.” This follows court filings indicating government investigators are probing whether the accused hacker, Paige Thompson, also took data from more than 30 other companies, along with Capital One. Wyden asked whether any vulnerabilities in the AWS cloud service, which serves millions of customers, contributed to the […]

The post Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson appeared first on CyberScoop.


Alleged Capital One hacker may have taken data from dozens of companies, feds say

The person allegedly behind the recent Capital One hack may have siphoned data from more than 30 other companies, according to federal court filings made public Wednesday. In a motion for detention filed in the Western District of Washington state, the U.S. government said investigators found that Paige Thompson took data from multiple companies, and not just the Virginia-based bank. The revelation was part of the evidence used to argue that Thompson must be detained before trial, or else pose a danger to the community and a risk of skipping out on further court dates. Thompson, who is currently in federal custody in Washington state, has been charged with stealing data on 106 million Capital One customers after taking advantage of a misconfigured firewall in the bank’s cloud computing system. According to the latest filing, the government has allegedly found terabytes of additional data Thompson took from more than 30 “companies, educational institutions, and […]

The post Alleged Capital One hacker may have taken data from dozens of companies, feds say appeared first on CyberScoop.


GitHub ‘encourages’ hacking, says lawsuit following Capital One breach

The class action charges Capital One and GitHub, charging it with being “friendly” (at least) toward hacking and for the hackers’ posts.

Should GitHub Be Liable for the Capital One Hack?

Probably the dumbest question you can ask a lawyer—particularly in the wake of a massive data breach—is, “Can I sue?” The answer is almost always, “Yes.” And what would you sue for? Answer: “A real long time.” In the aftermath of the Capital One data…

Capital One Data Breach, Equifax Settlement Payouts, Nextdoor App Scams

This is your Shared Security Weekly Blaze for August 5th 2019 with your host, Tom Eston. In this week’s episode: everything you need to know about the Capital One data breach, changes in the payouts from the Equifax settlement, and Nextdoor app s…

What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. An S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles who see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — which did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.


Smashing Security #139: Capital One hacked, iMessage flaws, and anonymity my ass!

Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and…

What’s in YOUR Wallet? A Tepid Defense of Capital One

It started with an e-mail to a Capital One “responsible disclosure” email address early Wednesday, July 17, at 1:25 a.m. The note was short and cryptic. It simply said that “there appears to be some leaked s3 data of yours on someone’s github/gist.” T…

Capital One is a cautionary tale for companies rushing to embrace new tech

Capital One always said it wasn’t like other banks. While other financial giants cautiously waded into their own digital transformations, Capital One’s leadership has sought to differentiate the $28 billion bank by investing in technology meant to modernize their business. The bank has increased its number of technology staffers to 9,000 today from 2,500 in 2011, assigning employees to software engineering, artificial intelligence and building a digital chatbot to automate reminders to customers about when their bills are due or flag unusually large restaurant tips in case they want to rescind them, Rob Alexander, the bank’s chief information officer, told the Wall Street Journal last year. Capital One also was different for its use of Amazon Web Services, a rarity in the financial services industry where most corporate heavyweights simply don’t trust third parties to store their financial data. At Capital One, the use of AWS was to serve as proof of […]

The post Capital One is a cautionary tale for companies rushing to embrace new tech appeared first on CyberScoop.


My info was in the Capital One breach. What should I do?

While the security world focuses on the aftermath of the Capital One data breach, the majority of those impacted by the incident are left with one big question: What do I do? The amount of information taken from the bank’s system is extensive: names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income on 100 million U.S. residents. Social Security numbers and bank account numbers were also pulled from Capital One’s cloud computing infrastructure. If you’ve gotten notice that your information was part of the breach, there are steps that you can take to protect yourself. How do I freeze my credit? Freezing your credit is one of the safest things you can do if you believe you are susceptible to identity theft due to a data breach. By instituting a freeze, any business trying to run a credit check, which is often necessary to open a […]

The post My info was in the Capital One breach. What should I do? appeared first on CyberScoop.
