The Capital One data breach:  So THAT’S what’s in your Wallet!

 

In July 2019, data pertaining to more than 100 million people was compromised when Capital One computer systems were breached. Here is Capital One’s verbatim explanation of what happened and what they have done about it, as of August 4, 2019[1]:

What happened

On July 19, 2019, we determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card products.

What we’ve done

Capital One immediately fixed the issue and promptly began working with federal law enforcement. The person responsible was arrested. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.

Safeguarding information is essential to our mission and our role as a financial institution. We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses.

There is nothing in this explanation that gives any sense of how the system was breached, nor is there any description of the methods used to correct it.  In this context, Capital One’s statement that they believe it “unlikely that the information was used for fraud or disseminated” and that they will “incorporate the learnings from this incident to further strengthen our cyber defenses” doesn’t sound very reassuring.

This paucity of information after cyberattacks is distressingly familiar.  Those of us in the cybersecurity community rarely hear specific information from the victim regarding the attack that would help us strengthen our own systems or the systems of our clients.  Victims are not forthcoming on the theory that if they revealed the weakness that led to the breach, then cybercriminals would take advantage of that information to target others with similar weaknesses.

The lack of timely, accurate information after a major breach makes it imperative that businesses employ proactive measures to make breaches as unlikely as possible. At a minimum, every business should take the steps listed under “Take action now” below.

What you can do!

Taking action now will reduce your risk and protect what’s in your wallet.

[1] https://www.capitalone.com/facts2019/

Take action now

  1. Have an internal monitoring protocol to ensure that suspicious activity is detected as soon as possible.
  2. Employ up-to-date HR and system interface procedures to minimize accidental exposure to risk.
  3. Install updates as soon as they are made available and upgrade or replace obsolete hardware and software that pose an unacceptable security risk.
  4. Have an external audit performed by an independent third party. The auditor should be an expert willing and able to collaborate closely with the company’s IT professionals but should have no design, operation or remediation responsibility or authority in order to maintain the auditor’s independence.