Barely a week after the Equifax data breach was settled for nearly $650 million, Capital One announced today an almost equally large mega-breach. Capital One said in a statement that the breach affected approximately 100 million individuals in the United States and approximately 6 million in Canada. The breach appears to be largely related to credit card application data; the statement notes: “The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
According to the complaint filed by the United States Attorney’s Office in the Western District of Washington, a software engineer turned hacker from Seattle, Paige Thompson (aka “erratic”), is being charged under the Computer Fraud and Abuse Act (CFAA) for her involvement in the unlawful access and exfiltration of this data.
On July 17, 2019, Capital One was notified of the potential breach through an email address ([email protected]) that it uses to solicit disclosures of actual or potential vulnerabilities in its computer systems. The screen capture shown below is from the complaint document; it notes that there is potential “Leaked s3 data.”
The moniker “s3” stands for Simple Storage Service, a service hosted by Amazon Web Services (AWS). Also according to the complaint, a firewall misconfiguration was to blame for the initial allowed interaction between the hacker and the system.
There are a few extraordinary circumstances surrounding this case that are unusual for cybercrime/breach issues that have really piqued my interest:
While there is undoubtedly much more to come on this event, the initial details are very interesting. From a business standpoint, there are many lessons to be learned from this event. Regular security audits and penetration tests of all assets, including cloud infrastructure, are a highly recommended and valuable exercise that can bring to light serious issues like the ones that led to this event. In addition to security audits and penetration tests, there were several missed signs of bad activity that should have been logged, recognized and alerted on. For example, the complaint mentions the following bad activity found in the logs: VPN connections from the IPredator anonymization service, TOR exit node connections, and anomalous behavior from seldom-used accounts. Be sure to learn from others’ mistakes to strengthen your own environment and help avoid issues like this.
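One way to turn the logging advice above into a working check, added here as an example that is not from the original post, the complaint, or any Capital One tooling: replay access events in time order and flag connections from anonymizer ranges (standing in for Tor exit nodes and a VPN service) and sudden activity from dormant accounts. All IP ranges, account names and events are constructed sample data.

```python
"""Flag the log signals the post names: connections from anonymization
infrastructure (VPN / Tor exits) and sudden activity from seldom-used accounts.
All IPs, accounts and events here are constructed sample data."""
import ipaddress
from datetime import datetime

# Constructed anonymizer ranges: TEST-NET blocks standing in for a real Tor/VPN feed.
ANONYMIZER_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),   # stands in for Tor exit nodes
    ipaddress.ip_network("198.51.100.0/24"),  # stands in for a commercial VPN
]

# Constructed access events: (ISO timestamp, account, source IP, API action).
EVENTS = [
    ("2019-01-05T09:12:00", "svc-legacy",  "192.0.2.20",   "ListBuckets"),
    ("2019-03-01T10:00:00", "svc-billing", "192.0.2.10",   "ListBuckets"),
    ("2019-03-02T08:30:00", "alice",       "192.0.2.11",   "GetObject"),
    ("2019-03-03T10:05:00", "svc-billing", "192.0.2.10",   "GetObject"),
    ("2019-03-22T02:14:00", "svc-legacy",  "203.0.113.5",  "ListBuckets"),
    ("2019-03-22T02:15:00", "svc-legacy",  "203.0.113.5",  "GetObject"),
    ("2019-03-22T11:00:00", "alice",       "198.51.100.7", "GetObject"),
]

def is_anonymizer(ip: str) -> bool:
    """True if the source address falls inside a known anonymizer range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ANONYMIZER_NETS)

def detect(events, dormant_days: int = 60):
    """Replay events in time order; alert on any event that comes from an
    anonymizer and/or from an account silent for more than dormant_days."""
    last_seen = {}  # account -> datetime of its previous event
    alerts = []
    for ts, account, ip, action in sorted(events):
        when = datetime.fromisoformat(ts)
        reasons = []
        if is_anonymizer(ip):
            reasons.append("anonymizer_source")
        prev = last_seen.get(account)
        if prev is not None and (when - prev).days > dormant_days:
            reasons.append("dormant_account_active")
        last_seen[account] = when
        if reasons:
            alerts.append({"ts": ts, "account": account, "ip": ip,
                           "action": action, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["ts"], a["account"], a["ip"], a["action"], *a["reasons"])
```

The first sighting of an account is never alerted on its own, so a freshly created account needs a separate rule; the sample run raises three alerts, two of them for the legacy service account that wakes up after 76 days from a Tor-like address.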
Tips like these and others are mentioned in a recent white paper that I authored along with our Incident Response Leader, David Murphy, which is available here: https://schneiderdowns.com/10-things-companies-wish-they-did-before-a-breach