Stolen data includes names, addresses, phone numbers, and credit scores.
Capital One disclosed on Monday that personal information – including names, addresses, phone numbers, and credit scores – 100 million individuals in the USA and six million people in Canada were obtained by the Seattle hacker. Approximately one million social insurance numbers of Canadian credit card customers were also stolen.
According to court documents, a tipster disclosed to breach to Capital One on July 17th where the stolen data was found on GitHub. The hack occurred on March 22-23, 2019.
How Did This Happen?
According to the reports, the Seattle Hacker – Paige Thompson, Alais: “Erratic” – hacked into Capital One’s Amazon AWS services from engineering knowledge as an employee at Amazon AWS back in 2015. – Amazon has yet to comment.
The motives for the hack is still unclear at the time of writing.
According to the Capital One press release, she was able to exploit a vulnerability in CapitalOne’s infrastructure, stole encrypted data, and the ability to decrypt the information.
As this is an ongoing investigation, it is difficult to say until the authorities can report on their findings. It is unclear if the data has been stolen or will be ever used for malicious purposes, what I do know however is that CapitalOne will have to answer for the breach and remediate the situation for its customers via credit monitoring services. This type of incident should generate around $170M in financial impacts to CapitalOne – the cost of reputation damage is yet to be determined.