
Capital One Breach Said To Also Affect Other Major Companies (techcrunch.com)

The data breach at Capital One may be the "tip of the iceberg" and may affect other major companies, according to security researchers. From a report: Israeli security firm CyberInt said Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may have also fallen victim to the same data breach that saw over 106 million credit applications and files stolen from a cloud server run by Capital One by an alleged hacker, Paige Thompson, a Seattle resident, who was taken into FBI custody earlier this week. Reports from Forbes and security reporter Brian Krebs indicate that Capital One may not have been the only company affected, pointing to "one of the world's biggest telecom providers, an Ohio government body, and a major U.S. university," according to Slack messages sent by the alleged hacker.

Krebs posted a screenshot of a list of files purportedly stolen by the alleged hacker. The stolen data contained filenames including car maker "Ford" and Italian financial services company "Unicredit." The Justice Department said Thompson may face additional charges -- suggesting other companies may have been involved.
Further reading: Capital One's Breach Was Inevitable, Because We Did Nothing After Equifax.
  • by Anonymous Coward

    Their employee, their liability...

  • by Anonymous Coward

    It's almost like cloud-service providers are an ironic single-point-of-failure.

    • by Anonymous Coward

      (Sent from unsecured AWS bucket acting as unsecured email relay)

  • Capital One keeps customer data in the cloud without an encryption layer?

    After all, any data placed in the cloud may as well just all be printed on your front door. There is no expectation of privacy or security.

    Just my 2 cents ;)
  • The stolen data contained filenames including car maker "Ford"

    OK, I'll bite; what confidential information was some genius keeping in ford.docx ?

  • do a press release to the media with a mountain of unanswered questions that don't add up, get everyone confused and then by the time the truth of it all comes out people have moved on.

    Right off the bat the math didn't add up. The first stories said it only applied to Capital One card applicants in the last 6 years. 100 million people did not apply for a Capital One Card in the last 6 years. That's not far off from the entire adult population of American...
  • by hackus ( 159037 ) on Wednesday July 31, 2019 @04:25PM (#59020034) Homepage

    The fastest and easiest way to conduct industrial espionage on thousands of companies, within a monolithic security infrastructure. Imagine if those companies would have all sorts of private data centers, staff themselves with different OS's, network designs.

    That would be way too hard to crack both from a hardware/software end, and a human social engineering end.

    Just my two cents worth, anyone think I am wrong because IMHO this whole cloud service industry shouldn't be storing anything of value.

    The best application I can think of right now for anything cloud is Cat Videos.

    Excuse me now, I am going to have to call Capital One, my attorney and check my credit to see if I suffered any damages....

    YET.

    • The fastest and easiest way to conduct industrial espionage on thousands of companies, within a monolithic security infrastructure. Imagine if those companies would have all sorts of private data centers, staff themselves with different OS's, network designs.

      That would be way too hard to crack both from a hardware/software end, and a human social engineering end.

      There are two sides to this.

      On the one hand, diversity does create some obstacles -- though given the nature of the vulnerability that was exploited in this case, it wouldn't have helped, because the problem was unpatched application server software.

      On the other hand, the cloud data centers are almost certainly much better-secured than the private data centers would be. I've been in many private data centers, including those of banks and government organizations, and I have visited a couple of Google's
