On Monday, July 29, 2019, Capital One Financial Corporation announced that it had determined there was unauthorized access on July 19, 2019, by an individual formerly employed by Amazon Web Services (AWS). This individual obtained certain types of personal information relating to Capital One credit card customers, including those who had applied for credit card products. The individual was able to exfiltrate data from a Capital One cloud repository via a misconfigured Capital One firewall. According to Capital One, the misconfiguration was within its own infrastructure and not within AWS' infrastructure.
Capital One has since fixed the configuration vulnerability exploited by the individual and promptly began working with federal law enforcement on the investigation. The FBI has arrested the individual responsible. Based on Capital One's analysis to date, this incident affected approximately 100 million individuals in the United States and approximately 6 million in Canada. According to Capital One, no credit card account numbers or log-in credentials were compromised, and over 99 percent of Social Security numbers were not compromised.
The largest category of consumers and small businesses affected was those who applied for Capital One credit card products from 2005 through early 2019. The information disclosed included the personal information Capital One routinely collects when it receives a credit card application: names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
Beyond the credit card application data, the individual also obtained the following:
The best course of action for you is to continue monitoring your credit report, credit cards, and bank accounts for any suspicious entries or transactions. Capital One has stated that affected individuals will be notified; be sure to follow its instructions. Additionally, free credit monitoring and identity protection will be available to everyone affected. If anything appears to be out of place, contact the credit bureau or your financial institution immediately. If you have any questions, comments, or concerns, please feel free to reach out to CBI.
Every employee is critical to helping secure the organization. If you see something, say something. It is also important that the organization's infrastructure and network teams periodically review the state of their configurations and self-identify weaknesses. By staying vigilant and addressing misconfigurations as they are found, the organization can collectively and quickly improve its overall security posture and dramatically reduce the risk of a breach. A breach of this magnitude could severely damage the organization's reputation and result in a significant loss of revenue.
The organization needs to remain extremely diligent in ensuring that all new implementations within cloud environments, and all systems with cloud integrations, are configured and tested for proper levels of security and access control. Monitoring for anomalous behavior should be part of every implementation where appropriate.
Additionally, building and maintaining relationships with external reporting groups and law enforcement agencies is key both to gaining awareness of potential threats and to engaging them quickly should we face a significant incident.
Finally, having a formal Incident Response Plan, with supporting procedures, that is periodically tested is essential to responding to and recovering from any cybersecurity incident.