Capital One, the fifth-largest credit card and banking institution announced recently that they suffered a data breach on July 19 because of an unauthorized individual gaining access to their system.
Capital One disclosed that about 100 million customers were affected with their credit card applications being exposed online. The attack actually took place between March 23rd to March 24th and the attacker was able to get information about all credit card application between 2005 and 2019. However, the incident came to light on July 19 when the hacker posted about her work on her private Github account.
Canadian Capital One customers are saved either. The bank announced that along with 100 million US customers, more than 6 million Canadian Capital One customers have also been affected. It is among the largest security breaches of a major U.S. financial institution on record.
How did the Capital One hack happen?
According to Capital One, the data breach happened because of a ‘configuration vulnerability’ in their infrastructure. The hacker, Paige Thompson, gained access to the Capital One’s cloud servers that were hosted on the Amazon’s AWS instances. The elements of infrastructure involved are common to both cloud and on-premises data center environments.
What is the impact
The compromised data involves about 140,000 Social Security numbers and 80,000 bank account numbers linked to American customers, and 1 million Canadian Social Insurance numbers.
Additionally, some customers’ names, addresses, dates of birth, credit scores, credit limits, balances, payment history, and contact information were also compromised in the security breach.
However, in a statement by Capital One released on Monday, they assured its customers that “no credit card account numbers or log-in credentials were compromised” and that more than 99% of the Social Security numbers that the company has on file weren’t affected.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” Capital One said.
“The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual.”
What should consumer do?
Regardless of whether the company discloses the information about the data breach or not, there are some common steps that all customer can (and should) take to make sure their information is not used by unauthorized individuals.
1. Ask Capital One to replace your credit card
If your credit card number is in a data breach, make sure you ask your credit card company to change your credit card. This will stop the hackers from using your credit card illegally.
2. Change all affected passwords
If you fear that your data might have been stolen, change all relevant passwords immediately. If you use the same passwords everywhere or cycle through a selected number of passwords on all websites, stop doing that immediately. Read this article for more information about passwords and how to generate a secure passcode using a password manager.
3. Contact the bank and speak to the representative
Contact Capital One immediately and make sure you talk to a human and not an automated answering machine. Explain that your account is at risk of fraud, and ask the card issuer to alert you if it detects suspicious activity on your account. The bank will almost certainly cancel the card and issue you a new one straight away.
Most hackers tend to use credit card information before the victims are even aware of the leak. Hence, informing the relevant financial institution before any of this happens makes sure that you are covered.
4. Enable credit or identity monitoring services
Contact popular identity monitoring services like Equifax, Transunion and Experion. These companies monitor your credit and inform you if someone tries to use your personal information (date of birth, SSN/SIN) for their use (example try to apply for a loan in your name). You can even ask them to freeze your account so no one can access it until you ask them to unfreeze temporarily for 15 days.
In case of credit monitoring services, be wary since they themselves (Equifax) have suffered massive data breaches in the past.
Informing your financial institutions about the risk is one of the most important steps that you should take to secure your credit. Data breaches are always stressful but following the above list will still be helpful in determine the extent of the damage done and help in alleviate the misuse to some extent.
Nice
Good article to make all aware about data leaks and the steps to be taken by all unaware customers in this and other data leak frauds.such articles are good efforts towards social responsibility by specialists of any field.
Nice and very informative article.solution to the problem is also very useful.
Very well written..hope it will help us in avoiding any such incidences in future…