Yet another large breach.
This one due to a “configuration vulnerability in our infrastructure”, as reported in a press release by Capital One this month*. Configuration vulnerabilities can mean many things. Some vulnerabilities might come from vendor-controlled firmware/software, like Microsoft’s announcement a couple months ago about Remote Services, but most come from the expertise your IT technician or engineer has with setting up or maintaining your network, or lack-thereof. With Network configurations, you can easily say, “The Devil’s in the Details” and mis-configurations are a root cause of most breaches. Gartner estimates by 2020, 99% of all firewall breaches will be caused by misconfigurations, not vulnerabilities.
We do not know the details of this breach, but we suspect it’s not unlike any other.
As of now, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada. Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised. But even with those promising circumstances, many people lost significant data to the thieves, which is used by other thieves to target you and your business.
Most of the information accessed was on consumers and small businesses that applied for one of our credit card products from 2005 through early 2019. This information included personal information, such as names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the breach also gave access to other credit card customer data, including:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
- About 140,000 Social Security numbers of their credit card customers
- About 80,000 linked bank account numbers of their secured credit card customers
You should have your network assessed for vulnerabilities – NOW.
- Perform a Security Risk Analysis
- Use multi-factor authentication
- Secure your remote staff’s connection (VPN or devices like Sophos Red)
- Review permissions set for each employee
- Make sure hardware and software are updated and patched
- No default passwords!
- Validate certificates and encryption settings
To learn more about what to do to protect yourself and your business, check out few past blogs
- Employee Training – https://www.integrityky.com/security-awareness-training-time-to-jump-on-the-bandwagon/
- What to do when your credentials are found on the Dark Web – https://www.integrityky.com/whatnow/
- How do you know if your training is working? – https://www.integrityky.com/phish-testing/