Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday August 01 2019, @03:29AM   Printer-friendly
from the need-to-protect-EVERY-thing-ALL-the-time dept.

Capital One target of massive data breach:

A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case .

Paige A. Thompson — who also goes by the handle "erratic" — was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.

The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.

The FBI raided Thompson's residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and "other entities that may have been targets of attempted or actual network intrusions."

[...] Capital One, based in McLean, Virginia, said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.

According to the FBI complaint, someone emailed the bank two days before that notifying it that leaked data had appeared on the code-hosting site GitHub, which is owned by Microsoft.

And a month before that, the FBI said, a Twitter user who went by "erratic" sent Capital One direct messages warning about distributing the bank's data, including names, birthdates and Social Security numbers.

"Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it," one [direct message] said. "I wanna distribute those buckets i think first."

Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the U.S. and 6 million in Canada.

The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One CEO Richard D. Fairbank. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

By way of comparison, the United States population on July 30, 2019 was: 329,342,191.

Also at SiliconANGLE, Ars Technica, TechCrunch, The Verge


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by jmorris on Thursday August 01 2019, @07:15PM (1 child)

    by jmorris (4844) on Thursday August 01 2019, @07:15PM (#874190)

    Yeah, the media is going all out to protect Amazon from this. A tranny freak who worked for them used its insider knowledge to jack Capital One's data. Which is also being minimized, the stupidity of putting private info into the Cloud in the first place.

    So what lessons should be drawn?

    1. Don't hire mental cases and give them elevated secirity privs.

    2. Don't put private info into public clouds. Once it leaves YOUR protection you are trusting people you have no way to know is trustworthy.

    What lessons will be drawn?

    Buy Lifelock protection.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 1, Interesting) by Anonymous Coward on Thursday August 01 2019, @10:26PM

    by Anonymous Coward on Thursday August 01 2019, @10:26PM (#874314)

    Yeah, the media is going all out to protect Amazon from this.

    The FBI too. The complaint just mentions "a cloud computing company". The perpetrator mentioned them in the resume, worked there as his last real job for 15 months before they got rid of him in 2016.

    A tranny freak who worked for them

    Apparently so, according to Fox News. I didn't see a picture of the perpetrator. I was all impressed that a female was doing script kiddie stuff rather than going out and having fun, but now it makes sense that it was a thirty something dropout loser recasting himself as a female and doing sketchy shit like this.