Capital One has announced that about 140,000 Social Security numbers and 80,000 linked bank accounts were compromised “in one of the biggest-ever data breaches,” affecting some 100 million individuals in the U.S. and 6 million in Canada. The FBI has charged a person with computer fraud and abuse, reports The Washington Post, citing court records. The hack, which is believed to have occurred in March, is the latest data breach to hit a financial services company.
The compromised information was taken from “credit card applications submitted to the Virginia-based bank from 2005 to 2019. According to Forbes, these included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.”
Data breaches and the loss of sensitive, personal information are becoming more and more frequent. News of the Capital One breach, one of the largest and most damaging ever in the finance sector, comes on the heels of the announcement that Equifax, one of the “big three” credit reporting agencies, has agreed to pay $700 million to many of the 147 million users whose information was compromised in a 2017 breach.
Unfortunately, this breach wasn’t discovered because of cybersecurity best practices or through effective monitoring of network activity. The attack was discovered only because the hacker bragged about it online.
What does this mean for public sector agencies, or for you as an individual? It’s time to take cybersecurity, and the protection of PII (Personally Identifiable Information), seriously. Once you provide your info to anyone – a bank, an employer, even an online shopping site – it’s out of your hands. From that point, it’s only as secure as the information systems that organization uses.
While banks and retailers continue to report record-breaking profits, we’re also seeing more and more data breaches. Organizations must begin to invest more of those profits into robust cybersecurity programs, technologies, and best practices.
The Capital One breach…a lesson for the public sector


James Hofsiss
James is a CISSP with broad experience as a cybersecurity analyst, consultant and engineer with decades of real-world cybersecurity and information technology expertise in military, government, and industry. He currently serves as a Cybersecurity Consultant and Customer Sales Engineer at DLT, where he works to help government customers evaluate, design, and implement comprehensive security solutions, practices, and products.