Capital One Breach

The Capital One Data Breach: How Crisis Could Have Been Averted


In what is sure to be one of the largest data breaches of 2019, financial giant Capital One confirmed on Monday that sensitive customer data had been breached, affecting around 100 million Americans and 6 million Canadians. A hacker, a former Amazon employee, exploited the bank's cloud servers and stole credit card application data, including 80,000 bank account numbers and 140,000 Social Security numbers.

The largest category of information which was accessed is related to consumers and small businesses who applied for credit cards between 2005 and early 2019, according to a statement from Capital One. 

The stolen information included names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income, as well as other bits of important data that may be used by criminals to carry out fraud. 

Who Let the Data Out?

The cause of the breach was a cloud firewall configuration vulnerability, which Capital One said it has since fixed. The unauthorized access took place on March 22-23, 2019, when the attacker exploited a firewall misconfiguration that permitted commands to reach the impacted server.

This exploit allowed the hacker to execute a series of commands on the bank's servers. Once through the perimeter, the intruder commandeered the credentials of an administrator account, gaining access to Capital One's data stored on its AWS servers. The file contained code for three commands:

The first command obtained security credentials from an administrator account that had access to web application firewalls. The second listed the number of buckets, or folders of data, in an Amazon Web Services (AWS) database. The final command copied the data out of the Capital One repository. After successfully exfiltrating the data from Capital One's servers, the hacker posted the stolen data to GitHub for a brief while before dropping a dime on herself on Slack. Despite her use of tools aimed at keeping her anonymous, this created a digital trail that made her arrest possible.
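As an added example that is not part of the original post, the detection logic below runs over constructed CloudTrail-style records and flags the pattern described above: a role meant for web application firewall management being used to list buckets and read objects, and role credentials being used from a network where that role never runs. The nested field names follow CloudTrail's JSON layout; the role names, IP addresses and the per-role baseline are assumptions made for this example.

```python
import ipaddress

# Constructed, simplified CloudTrail-style records. Assumptions: the nested field
# names follow CloudTrail's JSON layout; the role names, IP addresses and the
# order of events are made up for this example, not taken from the real incident.
SAMPLE_EVENTS = [
    {"eventName": "GetWebACL", "eventSource": "waf.amazonaws.com", "sourceIPAddress": "10.20.1.15",
     "userIdentity": {"sessionContext": {"sessionIssuer": {"userName": "example-waf-role"}}}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "10.20.1.15",
     "userIdentity": {"sessionContext": {"sessionIssuer": {"userName": "example-waf-role"}}}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"sessionContext": {"sessionIssuer": {"userName": "example-waf-role"}}}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "10.20.3.7",
     "userIdentity": {"sessionContext": {"sessionIssuer": {"userName": "example-reporting-role"}}}},
]

# Constructed baseline: which API calls each role exists to make, and from which
# networks its temporary credentials are expected to be used.
ROLE_BASELINE = {
    "example-waf-role": {"apis": {"GetWebACL", "ListWebACLs"}, "nets": ["10.20.0.0/16"]},
    "example-reporting-role": {"apis": {"GetObject", "ListObjects"}, "nets": ["10.20.0.0/16"]},
}
S3_ENUM_OR_READ = {"ListBuckets", "ListObjects", "ListObjectsV2", "GetObject"}


def role_of(event):
    """Return the role name behind an assumed-role session, or None."""
    return (event.get("userIdentity", {}).get("sessionContext", {})
            .get("sessionIssuer", {}).get("userName"))


def analyze(events, baseline=ROLE_BASELINE):
    """Return one finding per event that breaks the role's baseline."""
    findings = []
    for ev in events:
        role, api, ip = role_of(ev), ev["eventName"], ev["sourceIPAddress"]
        profile = baseline.get(role)
        if profile is None:
            continue  # unknown role: out of scope for this baseline check
        reasons = []
        # Rule 1: a WAF-management role enumerating or reading S3 is the
        # "second and third command" pattern from the breach narrative.
        if api in S3_ENUM_OR_READ and api not in profile["apis"]:
            reasons.append("s3 access outside role purpose")
        # Rule 2: role credentials used from a network the role never runs in,
        # the signature of credentials lifted off the instance and replayed.
        if not any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in profile["nets"]):
            reasons.append("credentials used from unexpected network")
        if reasons:
            findings.append({"role": role, "eventName": api, "sourceIPAddress": ip, "reasons": reasons})
    return findings
```

Running `analyze(SAMPLE_EVENTS)` flags the ListBuckets call and the external GetObject by the WAF role, while the reporting role's in-network GetObject passes.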

Is Capital One to Blame? 

Data breaches on cloud storage services are occurring more often, primarily because more companies are using the cloud and attackers are seeing this as a fruitful platform. Despite the migration to cloud services, companies are still responsible for their own security even on the cloud. When implementing a cloud storage service there are many financial and logistic benefits but companies must not forget the importance of cloud storage security. 

There is no denying that cloud computing is the way of the future, but when financial institutions that house so much sensitive customer data approach the cloud, implementing the proper security measures is an absolute must. In the case of the Capital One breach, despite the bank being a cloud innovator, its security wasn't up to par.

Capital One has been a major advocate in the banking world for cloud services. The company is migrating more of its applications and data to the cloud and plans to be done with its data centers by the end of 2020. Other financial institutions have been more cautious about implementing cloud services, largely for security reasons.

Cloud-hosting services such as AWS are very appealing to companies looking to cut costs, as data centers carry a hefty price tag, often tens of millions of dollars. When it comes to data security, AWS, like most providers, follows the Shared Security Responsibility model. The provider assures certain layers of infrastructure and software security, but the customer is ultimately responsible for how data is used and accessed.

Clearly, there were mistakes in how Capital One was protecting this AWS bucket, as it appears someone was able to access the data it contained pretty easily. The Capital One breach is proof that companies have a lot to learn about deploying security technology effectively, and in particular that access to cloud storage must be defended and protected by adopting security strategies.

Stay on Top with Secure Network Access 

Many organizations still rely on outdated hardware-based VPN technology with a distributed management system and other complicated client applications. These systems are complex, costly, require extensive management, and most notably, they are not cloud-friendly.

Access to cloud storage must be defended and protected by adopting security strategies, like the Zero Trust security model, which enforces multiple layers of verification before granting resource access. Furthermore, this breach highlights the need to embrace cloud-compatible cybersecurity solutions. 

To prevent similar risks such as the Capital One breach, organizations should use Software-Defined Perimeter technology and the Zero Trust model to close their cloud environments and SaaS services so that they can only be accessed by authorized devices, users and locations.

The shift to the cloud is inevitable, so it is key that financial institutions also adopt cybersecurity services that are well designed to integrate with major cloud providers. Our solution is based on the Zero-Trust security model and allows direct access to cloud resources and applications while evaluating the user permissions and related metadata. With Perimeter 81, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.
