A Seattle woman has been arrested in connection one of the biggest data breaches in banking history as it emerged around 106 million Capital One Bank customers in the US and Canada had sensitive data stolen. The woman is charged with breaking into the bank’s server and the data was stored on Amazon Web Services’ cloud.
Paige Thompson worked for Amazon Web Services in 2016. She was arrested on Monday and appeared in federal court in Seattle. The data wasn’t accessed through a breach or vulnerability, but through a misconfigured firewall protecting one of its applications, and it didn’t require insider knowledge.
The largest category of data stolen was consumers and small businesses who had applied for credit cards from 2005 to early 2019, the bank said. It included personal data, such as names, addresses, phone numbers, dates of birth, self-reported income, credit scores and fragments of transaction history.
About 140,000 Social Security numbers were accessed, as well as 80,000 bank account numbers from credit-card customers, but credit card numbers were not taken, the bank said.
Capital One plans to store all its data on in the cloud by 2020 to lower costs. It is insane to think an organization entrusted with the sensitive data of so many people would blindly put it in the cloud without taking serious encryption precautions.
You cannot trust cloud providers to guarantee the protection needed to keep data safe. Cloud computing comes with a lot of pros, but there are cons too. Namely; security. Every single entry should be encrypted before being uploaded into the cloud. If so, any hacker who got their paws on the data, would only see unreadable binary junk.
With Corporate Cloud Messenger—the business version of get2Clouds—every piece of data stored in the cloud is secured with advanced encryption. It is also a secure messenger that can be used across all devices and is an alternative to email. Colleagues can communication in an encrypted bubble. Chat, send message and files of any size.