It is every CISO’s nightmare to learn that the financial institution they have been working tirelessly to protect has been hacked. And not a simple run-of-the-mill hack but hacked by a media-ready figure who left a trail on social media and wanted to be found out. If there was a way to mitigate the fallout, and to protect those who could be negatively impacted by the Capital One data breach it is too late now. The media loves a good story, especially one about an angry trans-gendered female villain perpetrating the largest known hacking in history, of America’s 10th largest bank. These are the types of financial catastrophes which can take down a major financial institution. Aside from the media frenzy around the data breach there are significant real-world ramifications of people being hurt and losing money. You may be in summer mode and have missed what is happening here so the Interfor team will cover what you need to know about the Capital One data breach.
What we know
This hack was perpetrated by someone who wanted to be infamous, akin to those who shoot up schools with hopes of gaining notoriety. The hacker went so far as to admit her guilt in the private Slack groups she was on. The hacker, Paige Thompson, a transgender woman who, judging from the social media trail and handle (“Erratic) she left behind, was struggling with mental issues and was no stranger to crime. As this NBC article states “the suspected Capital One hacker threatened to “shoot up” a California social media company and was living in a house-turned-arsenal with a convicted felon who had once been arrested for being part of a “contract murder plot,” federal court papers in Seattle revealed.”
Aside from the fallout because of the data breach, other organizations aside from Capital One are being impacted negatively because of this attack. Amazon (where the hacker was a former employee) is now facing federal scrutiny as it’s AWS cloud server was hacked for the bank’s data. This could also impact Amazon’s $10 billion contract to store the Pentagon’s data, which has now been delayed. We will see how this all plays out, but it is clear that one lone wolf’s actions can have a cascading impact on some of the world’s biggest companies.
What data was released
While it is still unclear what Paige Thompson did with the sensitive data she hacked (such as selling it to third parties) we do understand what data was leaked. As this Yahoo Finance article states “the compromised information is outlined as follows: Personally identifiable information like ‘names, addresses, zip codes, phone numbers, email addresses, dates of birth, and self-reported income,’ at the time of the applications and Customer status data, which includes credit scores, credit limits, balances, payment history, contact information.”
What to do if you think you might be a victim
With over 100 million people impacted by this breach in the United States and Canada, Capital One is taking active steps to contact those who may have been affected. Vigilance is key, so make sure to monitor your credit card reports, and sign up for a credit card monitoring service just to be safe. Assume the best, but make sure to prepare for the worst. If you think your identity has been stolen drop the team at Interfor a line and we’ll be able to direct you on what to do next.
Sadly, this is the state of affairs in 2019, and it is not only state sponsored actors who are trying to hack into financial institutions but lone wolves looking to cause as much damage as possible. These threats are the most dangerous because the only warning signs we have from these types of attackers is the social media posts and correspondences they may have produced. In the law enforcement and security space, we take these types of actions on social media seriously, but there is always a challenge to separate the signal from the noise.