Capital One Data Breach from My Perspective

Capital One was breached and had 106 million applicants’ information stolen. This breach is one of the largest data breaches to occur. In comparison, the Equifax breach affected 150 million people. Capital One’s breach included 100 million US and 6 million Canadian applicants. These numbers are significant because with the US population estimated at being 330 million people, including minors, this means the breach affects an incredible percentage of US adults.

How did this happen? Capital One has embraced a cloud strategy and uses Amazon’s cloud services. Paige A. Thompson, a 33-year-old, hacked through Capital One’s firewall and was able to steal the applicant data. The stolen data includes applicant information from 2005 to early 2019. The data elements included in the breach include: addresses, dates of birth, self-reported income, social security numbers, bank account numbers, email addresses and more. Fortunately, only 140,000 social security numbers and 80,000 bank account numbers were stolen. This is a very small percentage of the overall breach. Additionally, no credit card numbers or user passwords were stolen. The criminal complaint against Ms. Thompson is, she intended to sell the data on-line. Capital One has stated that it is unlikely the stolen information was disseminated or used for fraud.

What you need to know and do: Because no passwords were stolen, there is no immediate threat of fraudulent bank or credit card transactions. If data was successfully sold on the Dark Web, you can expect an increase in social engineering attacks targeted to individuals and businesses. These attacks will be in the form of SPAM emails, telephone calls, etc. Everyone needs to understand how crafty these criminals are in creating messages that look legitimate.

WARNING: Criminals always take advantage of a crisis. If you receive an email from Capital One advising that you were affected by the breach, it could be a SPAM email. Always verify the link in any email before you click (“Think Before you Click-It”). Even better, don’t click on any links in emails. It is a better practice to go directly to the company’s web site by typing in the URL in a new browser.

Remember: It typically takes more than one thing to go wrong for a company to suffer an IT security incident. For more information on protecting or managing your network, contact Quanexus at or call 937-885-7272.

Request your free network assessment today. There is no hassle, or obligation.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs