Capital One is dealing with one of the most important data breaches of the year.
The incident involved theft of more than 100 million customer records, stolen by a single, experienced engineer, according to court filings in Seattle.
The details set it apart from breaches of companies which were attacked from the outside by criminals and different from the spate of ransomware attacks by groups of individuals outside the U.S.
Paige Thompson was able to exploit a flaw in an application firewall stored on an Amazon Web Services cloud server to gain access to the information.
An Amazon spokesperson confirmed Thompson had worked for Amazon but she left in 2016. The breach took place between March and July this year.
The incident is still unraveling and will bring up major issues facing the biggest tech companies, cloud firms and banks, namely how to control who has access to sensitive consumer data and detect insiders who may go rogue.
No comments:
Post a Comment