The Financial Services Industry Just Does Not Get It

The banking and financial services industries are continuously under cyber-attack, which is becoming more sophisticated.  Some of these organisations are learning from their mistakes and the improved sophistication of the attacks but many don’t and this is an on-going problem. Now, the credit card giant CapitalOne has been found to have suffered a potentially disastrsous data breach affecting over 100m customers.
 
In just one Internet minute cyber-criminals steal around $2.9 according to the annual Evil Internet Minute report from RiskIQ.
The company has analysed and data derived from the volume of malicious activity on the Internet and they report that cyber-criminals cost the global economy $2.9 million every minute in 2018, which became a total of $1.5 trillion. 
 
Capital One Financial Corporation has admittedhat they were subjected to a cyber-attack by an outside individual who obtained over 100 million pieces of personal information relating to people who had applied for its credit card products and to Capital One credit card customers. 
 
Capital One claim to have immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The US Justice Dept. hav announced that FBI has arrested the person responsible, suggesting the the breach itsef took place some time before the 19th July when Capital One first realeased the news.
 
A former Seattle technology company software engineer has been arrested on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data. US Attorney Brian T. Moran. is quoted as saying: “Capital One quickly alerted law enforcement to the data theft, allowing the FBI to trace the intrusion,” said US Attorney Moran.  “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.
 
This criminal event has affected approximately 100 million individuals in the United States and approximately 6 million in Canada. No credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, according to Capital One.
 
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
 
Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
 
• Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
 
No bank account numbers or Social Security numbers were compromised, other than:
 
• About 140,000 Social Security numbers of our credit card customers
• About 80,000 linked bank account numbers of our secured credit card customers
 
For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident and the affected individuals will be notified through a variety of channels. The investigation is on-going and CapitalOne says its analysis is subject to change.
 
Almost two years after the breach at Equifax exposed the confidential financial records  of 143m US citizens and four years after the Anthem data encryption debacle allowed hackers access to 80m cutomer records, Capital One's admission comes just a month following discovery of the careless exposure of confidential data by First American .
 
It really does look like the financial services industry has learned nothing about proper data protection practice. 
 
Dept. of Justice:        RiskIQ:
 
You Might Also Read:
 
Banks Are Making It Easy For Hackers:
 
Cyber Attacks On The British Financial Sector Increasing Fast:
 
 
 
« What Is The Dark Web?
5G Networks Expand In The UK »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

HardSecure

HardSecure

Hardsecure supports organizations to face security threats through the adoption of cybersecurity capabilities that guarantee 360º monitoring, visibility, mitigation, and blocking.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.