Capital One hit by data breach – Netwrix comments
Today, it has been revealed that details of 106 million people across the US and Canada were stolen in a hack targeting financial services firm Capital One. Capital One said the data included names, addresses and phone numbers of people who applied for its products but did not include credit card account numbers. The data breach is believed to be one of the largest in banking history.
Matt Middleton-Leal, Netwrix’s General Manager EMEA and APAC, has provided the following statement in response:
“This incident is different from most we hear about in a number of ways. Firstly, cybersecurity attacks are usually hard to attribute. In this case, the alleged hacker has been arrested just 10 days after the breach was discovered. Apparently, while the defendant was trying to cover her tracks, she herself described the hack in several messages on Slack and Twitter. Secondly, it looks like the hacker was not looking for financial or political gain, but rather just enjoys cracking complex puzzles. Unlike more grave outcomes of similar scale breaches such as the Equifax incident, this leads us to believe the stolen data was isolated and is less likely to be used for fraud or other unlawful activity.
“In this particular case, misconfiguration has led to a vulnerability that the hacker exploited, having most likely compromised a privileged account. Accounts with the most privileges represent the greatest risk; it is important to know what privileged users are doing. Organisations should be able to automatically track the activity of users, including privileged ones, and set up alerts on both violations of security policy and deviations from normal patterns of behaviour, such as attempts to copy a large number of sensitive files at the same time. It is also vital to be able to investigate the activity of any user across the IT infrastructure, especially when potentially suspicious actions are flagged.
“Capital One has demonstrated good cybersecurity practices during this breach. They appear to know what data they store and selectively protect the most sensitive. For example, although credit applications of millions of people were stolen, no credit card numbers and a relatively small number of Social Security numbers were compromised, due to the bank’s practice of tokenising these pieces of information. Capital One was also prepared to isolate and patch the vulnerability in under 10 days, once it was reported. The bank is also demonstrating clear and timely communications, which is extremely important in keeping the public’s trust in the aftermath of a breach like this.”
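The kind of behavioural alert the statement describes, a single account touching an unusually large number of sensitive files in a short window, can be expressed as a sliding-window check over file-access audit events. The example below is added here and is not Netwrix's code or anything from the Capital One investigation; the log line format and the sample events are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed audit events (hypothetical format): "<ISO timestamp> <user> <path> <sensitivity tag>".
# Events are assumed to be in time order, as a log collector would normally deliver them.
SAMPLE_EVENTS = [
    "2019-07-19T09:00:01Z alice /finance/q2-report.xlsx normal",
    "2019-07-19T09:00:05Z svc-backup /applications/app-000001.json sensitive",
    "2019-07-19T09:00:08Z svc-backup /applications/app-000002.json sensitive",
    "2019-07-19T09:00:10Z alice /applications/app-000003.json sensitive",
    "2019-07-19T09:00:11Z svc-backup /applications/app-000003.json sensitive",
    "2019-07-19T09:00:14Z svc-backup /applications/app-000004.json sensitive",
    "2019-07-19T09:00:17Z svc-backup /applications/app-000005.json sensitive",
    "2019-07-19T09:00:20Z svc-backup /applications/app-000006.json sensitive",
    "2019-07-19T09:00:23Z svc-backup /applications/app-000007.json sensitive",
    "2019-07-19T09:09:40Z alice /applications/app-000009.json sensitive",
]


def parse_event(line):
    """Split one constructed audit line into (timestamp, user, path, is_sensitive)."""
    ts, user, path, tag = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, path, tag == "sensitive"


def detect_bulk_access(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {user: peak_count} for every user who accessed more than `threshold`
    distinct sensitive files inside any span of length `window`.

    Normal users (alice) touch a few sensitive files spread over time and stay
    under the threshold; the service account bursts through it in seconds.
    """
    recent = {}  # user -> deque of (timestamp, path) for sensitive accesses still inside the window
    alerts = {}
    for line in lines:
        ts, user, path, sensitive = parse_event(line)
        if not sensitive:
            continue
        q = recent.setdefault(user, deque())
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop accesses that fell out of the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) > threshold:
            alerts[user] = max(alerts.get(user, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    print(detect_bulk_access(SAMPLE_EVENTS))  # {'svc-backup': 7}
```

In practice the threshold would be derived per account from its own baseline rather than fixed, and a hit would open an investigation of that account's other activity, as the statement recommends.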