Security: Massive data breach at Capital One
Capital One bank disclosed this week that a hacker had gained access to information from roughly 106 million credit card customers and applicants, said Peter Rudegeair in The Wall Street Journal. The data breach is one of the largest ever recorded—and it exposed a bank with a “long-held reputation for digital prowess.” Five years ago, Capital One, the fifth-largest U.S. credit-card issuer, became one of the first big banks to “migrate reams of customer and corporate data and applications off its own data centers” and onto Amazon’s cloud computing services. The hacker, identified as Paige Thompson, was a former Amazon Web Services employee.
Capital One “wore its cutting-edge approach as a badge of honor,” said Stacy Cowley and Nicole Perlroth in The New York Times. Still, it was only alerted to the hack by a tipster three months after it happened. Thompson had exploited a gap in the fire-wall software—a lapse “akin to leaving a window open overnight at the local bank.” Such mistakes are nearly unavoidable. Banks are bombarded on a daily basis; already “there have been 3,494 successful cyberattacks against financial institutions” this year, and millions of attempts. This hack “is a reminder of the intricacy of the computer networks at large financial institutions, as well as their vulnerability.” ■