Capital One Security Breach – Human Error

You probably heard this in the news; in July 2019, Capital One had a security breach. This was one of the largest data breaches in US history, 106 million accounts over 14 years; 140K SS #’s, 80K bank account #’s, according to an August 9th article by Spencer Israel for Benzinga. Next was Equifax in 2017 which was 143 million.

Was it hackers breaking through the billions of dollars of cloud security that’s in place in the Banking industry? Nope, it was the human factor. The person – who was arrested – accessed the data through a mis-configured web application firewall, copied and then downloaded almost 30GB of data that was on an AWS server.  All of this happened in March and April, but Capital One didn’t know about it until July 17th when someone told them about a public GitHub page that looked an awful lot like Capital One data, according to an article by Russell Brandom in The Verge.

The cloud is big business – just think about these banks, AWS, the government; that’s a lot of data to protect. Bottom line, and the wild card, is human error, in this case, a mis-configuration that was exploited. Back in 2017, a mistake by an Amazon employee created a huge outage felt by many.

Cyber security is considered the biggest risk in the banking industry, even with so much money invested, and still being invested. Are you at least doing the basics? A firewall; strong passwords; disaster recovery backups (not just a copy); changing passwords often; using two-factor authentication; are you taking this seriously?  Are you setting up your own anti-virus, your own firewall, your own backups? Are you sure they’re right? Too much is at risk; get with an IT professional so you can sleep at night!