Cybersecurity Breach at Capital One Exposes 100M People to Loss of Privacy and Identity Theft

So many companies we rely on to protect our personal information and credit have suffered security breaches that put us all at risk. 

In the aftermath of a cyber security breach, Capital One put out a press release Monday, stating that an outside individual gained unauthorized access to the company's servers and obtained the personal information of approximately 100 million people in the U.S. and 6 million in Canada who hold Capital One credit cards, as well as the information of people who had applied for a credit card. 

Capital One said that no credit card account numbers or log-in credentials were compromised and more than 99% of Social Security numbers were not compromised. According to the bank, the suspect obtained data on consumers and small businesses at the time they had applied for credit cards from 2005 through 2019, which includes names, addresses, phone numbers, emails, dates of birth and income.

Capital One Cybersecurity Breached by Hacker

According to the Department of Justice, the hacker was able to gain access to the information through a misconfigured web application firewall that enabled access to the data.

The suspect, identified by the FBI as 33-year-old Paige Thompson, seems to have committed the hack into the Capital One security system sometime between March 12 and July 17. Thompson might have wanted to be caught. If not, why would she boast about how she accessed the information, posting details of what she did on a social media website called GitHub? This exact information is available in the public record of the criminal complaint on file.

The incident came to light after a GitHub user saw the post and alerted the bank that it had potentially been hacked. Two days later, Capital One confirmed the breach and contacted the FBI. 

Authorities identified Thompson as a suspect and arrested her Monday, after executing a search warrant and seizing electronic storage devices containing a copy of the stolen data.

Capital One does not believe the information was used for fraud or disseminated by Thompson, and an investigation is ongoing. Computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, Chairman and CEO. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

Capital One says they are notifying all affected individuals through a variety of channels and are offering free credit monitoring and identity protection to everyone affected. 

"Safeguarding our customers' information is essential to our mission and our role as a financial institution. We have invested heavily in cyber security and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses." 

Last week, Equifax agreed to pay at least $700 million to settle lawsuits over security breaches in a settlement with federal authorities and states. The agreement includes up to $425 million (USD) in monetary relief to consumers.

Cybersecurity Grants Available on GrantWatch

Grants for increasing security for businesses and nonprofits can be listed under a number of categories on GrantWatch. Check listings under workforce, higher education, technology, business, or research and evaluation. Still other categories to search include Homeland and National Security.

Find grants for cyber security on GrantWatch, such as the three listed below:

Grants to USA Nonprofits and IHEs to Advance Education Related to Computer Security (175790), deadline: Ongoing. 

Grants to USA colleges, universities, and nonprofit organizations for projects related to education in the field of cybersecurity. Projects may involve a broad range of academic disciplines, including engineering, computing, information sciences, communications, education, economics, mathematics, statistics, and social and behavioral sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both encouraged.
 

Grants to USA Private and Public Sector Partnerships for Apprenticeship Programs Targeting Nontraditional Industry Sectors (186357)

Grants to Massachusetts and Israel University Faculty for Collaborative Scientific Research (186308).   

What to Do if Your Identity is Stolen 

If your identity is stolen, act as soon as possible. Here's what to do if you know or suspect that your personal information has been stolen, according to the Federal Trade Commission and a Bankrate article on identity theft.

1. Contact the companies where you know the fraud occurred.
2. Put a fraud alert on your credit report and get copies and check them.
3. Report identity theft to the FTC.
4. Freeze your credit.
5. File a report with your local police department.
6. Close new accounts opened in your name.
7. Remove fraudulent charges from your accounts.
8. Correct your credit report.
9. Change all affected account passwords.
10. Replace stolen credit cards and government-issued identification.
11. Contact your telephone and utility companies.
12. Report a misused Social Security Number.
13. Stop debt collectors from trying to collect debts you don't owe.

Each step is enumerated in detail on the FTC's Identity Theft website.

 

About the Author: Compiled by GrantNews staff from press releases from Capital One Corporation and Cision News wire.
