Last week, Capital One released information regarding a credit card data breach that occurred in March of this year. Over one hundred million users in the United States, and six million in Canada were affected. Be prepared to complete a claim if you’re a Capital One credit cardholder or have applied for a credit card after 2005. Also, strongly consider protecting your accounts against theft.
How the Hack Happened
A hacker out of Seattle, named Paige Thompson, boasted about the information she acquired on community boards and chats in GitHub and Slack. She gloated about how much information she had and how many accounts she accessed to everyone in the chats, including reporters. She even explained her methods on Twitter. All of these actions led authorities to her, and they arrested her earlier this week.
Capital One uses Amazon Web Services (AWS) cloud services to host its data. Ms. Thompson is a former AWS employee. She found a misconfiguration in a server firewall, allowing her access to social security numbers, credit card applications, credit reports, and other personal information. Then, she shared a list of folders with friends and other hackers online. However, it is not clear if she intended to sell the information.
Capital One’s Recovery
Capital One has fixed the firewall configuration as has begun notifying the affected parties. The company estimates it will spend over $100 million trying to recover and communicate with consumers. This sum may not include any future settlements from lawsuits and penalties. For example, one particular suit is against both Capital One and GitHub, citing negligence of the parties since they did not protect the released information.
Additionally, Amazon is also feeling the effect of the breach. Amazon is competing to win a multi-billion dollar contract with the Department of Defense. This news causes concerns regarding the security of AWS Cloud Services and may cause the company to no longer be considered.
Protect Your Information
There are ways to lower your risk of identity theft and scams.
1. Freeze your credit card account(s).
2. Lock your credit reports.
3. Freeze your credit reports.
4. Close your credit card account(s).
5. Monitor your credit reports.
6. Change your passwords.
7. Set up two-factor authentication.
Using the freezing methods will hinder you from using your credit cards or opening new ones. Freezing your credit will also stop would-be thieves from opening new accounts with your stolen information. Ensure you freeze your credit with all three bureaus. They do not report account data to one another, so you are responsible for requesting an account freeze at each agency. Also, to unfreeze your account, a PIN or password will be required.
A lock is similar to a freeze but may not be as secure. It is easier to use and may come with a fee. You can unlock your account at any time without a password over the phone.