Capital One suffered a massive data breach, which affected approximately 100 million Americans; unsurprisingly, they are facing major scrutiny. Lawmakers on the House Oversight Committee sent correspondence to Capital One and Amazon requesting information on the incident. As is the mainstay of modern data breaches, it would appear that getting educated in the ways of data security is low on the priority list.
The hacker, a former Amazon Web Services (AWS) employee, has been arrested, and while the suspect, Paige Thompson, stole information ranging from bank account details, names, and dates of birth to Social Security numbers, the concerns stretch far beyond the breach.
As Amazon stands to win a multi-million dollar contract with the Pentagon to supply the military with a cloud computing system, this goes far beyond any data breach. Given the political concerns over the fact that it was a former Amazon employee, especially when there are those who have gone to work for the Pentagon to help design the contract, there could very well be a conflict of interest. But, with this in mind, and despite internal issues, the upheaval any major banking corporation can face over a data breach of this magnitude means they have to take extra precautions.
What can we learn from this? As the problem stemmed partly from a misconfigured open-source web application firewall, this highlights that modernizing some aspects of IT components is essential. What does this have to do with you as the average businessperson?
As with any standard business, you could struggle to modernize your IT. This is where companies like Electric can help you modernize your IT alongside other modern IT specialists. As companies face scrutiny over small-scale attacks, the Capital One debacle has highlighted a major breach of confidence.
William Bengston, who was formerly a security engineer at Netflix, was hired to be the director of cloud security for Capital One. As he had created a series of blog posts highlighting how Netflix had detected and prevented compromises within AWS, Capital One may very well wish they had him sooner. The big problem is that there are skills and knowledge gaps.
Bigger companies, like Capital One, have to learn new methods of working while also maintaining the old components at the same time. Cloud security is one of the major issues, especially now that companies are operating with an old data center while upgrading their systems.
On top of this, the scrutiny Capital One will face from customers is going to be a very real wake-up call for them. As the company is facing Congress, this is going to be a long road for Capital One. And what of the customers that are concerned that they are open to fraud?
There are ways for customers to check if the information was stolen. Capital One stated that it will contact individual U.S. customers that were part of the hack beginning Monday, Aug. 5. At the moment, the website doesn’t let you check, but this won’t stop customers feeling that they are vulnerable, and they could very well make the leap to a competitor. Needless to say, Capital One will have a lot of groveling to do!
It’s nothing new. Unfortunately, among the various multinationals in America, data breaches are commonplace. This highlights a major skills gap in the companies, but also, due to the fact that the Capital One theft was done by an AWS employee, this may very likely spur customers on to undertake additional research in case there is a conflict of interest.
AWS and Capital One working alongside each other is nothing new in terms of the big companies working together. But as the big companies get bigger, will customers feel secure in the fact that the information is being held by these larger companies?
The fact remains, data breaches are commonplace. If you have any concerns, you should contact Capital One directly, but if you are concerned about your sensitive information, not just now, but in the future, you should exercise care and caution. We live in an age of sensitive information being exposed on a regular basis. Where does the line get drawn?
Capital One has stated that they have fixed the issue that the hacker used to infiltrate the system, and have worked with federal law enforcement. By way of apology, they will offer free credit monitoring and identity protection to these customers. But is this enough? One of the biggest banks in the world has suffered a major loss, and will need to go a long way to make repairs.