Capital One settles with nearly 100 million customers in data breach case


Capital One resolves biggest data breach in history.


Capital One has agreed to pay $190 million to settle a class action lawsuit filed by the bank’s customers. Hacker Paige Thompson stole the personal data of nearly 100 million people in 2019. Thompson, in her 30s, is a former software engineer at Seattle technology company Amazon Web Services (AMZN). US prosecutors said she used knowledge from her previous job at Amazon, as well as scripts, to find Amazon Web Services (AWS) servers where “web application firewalls were misconfigured.”

Thompson was ultimately charged with breaking into a Capital One server and gaining access to “140,000 social security numbers, 1 million Canadian social insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of names, addresses, credit scores, credit limits, balances and other information,” according to the bank and the US Department of Justice (DOJ).


The Justice Department court record indicated that the former software engineer’s plan to find misconfigured web application firewalls was what led her to the data. She then bragged about the breach, attempting to share the information she obtained with others online. “The intrusion occurred through an improperly configured web application firewall that allowed access to the data,” the DOJ said.

Thompson specifically posted on the news-sharing site GitHub about her theft, and on July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility that it had suffered a data breach.

As soon as it was notified, Capital One contacted the Federal Bureau of Investigation (FBI), and cyber investigators were then able to identify Thompson as the person who posted the comments. After executing a search warrant at her home, investigators seized electronic storage devices containing a copy of the stolen data.

“Capital One quickly alerted law enforcement to the data theft – allowing the FBI to trace the intrusion,” said US Attorney Moran at the time, adding, “I commend our law enforcement partners who do everything possible to determine the status of the data and secure it.”

New charges were laid against Thompson in July 2021, postponing her trial. These included “six counts of computer fraud and abuse, and one count of access device fraud,” according to court documents. The charges came as cyber investigators progressed through analyzing the data they had seized.

For its part, Capital One’s settlement will cover the 98 million customers affected by the breach. Despite the deal, the banking company and its cloud service provider, Amazon Web Services, have denied any responsibility. They agreed to settle, they said, “in the interests of avoiding the time, expense and uncertainty of continuing litigation,” according to their filing in a federal court in the Eastern District of Virginia. In 2020, Capital One also agreed to pay $80 million to settle claims from regulators who accused it of lacking proper cybersecurity procedures as it switched to cloud storage technology.

The new date for Thompson’s trial has been set for March 2022.
