The Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers, 1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back; however, it took some time before the breach was realised. In fact, it took an external tip for Capital One to realise something had happened.

The legal case that was built is quite interesting. Before I share the legal case link, here's a short summary in case you don't know all the details of the breach.

Short Synopsis Of What Happened:

  • Paige Thompson copied and downloaded 700 different S3 buckets
  • Paige was able to access a server that had a misconfigured firewall
  • She accessed the EC2 instance on the server through an opening in the firewall
  • Since the server's IAM role permitted access to 700+ S3 buckets, she could access them
  • She then just ran the "List Buckets" command and the "Sync" command from the AWS CLI

Here is a link to the legal case that has been built: Legal Case Link

Learnings From The Breach:

This breach might cost Capital One $150 million, and on top of that the loss of brand/face ...

  • Audit your security regularly
  • Monitor for misconfigured infrastructure such as "open S3 buckets", etc.
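
One way to put the audit learning into practice for the IAM-role step in the synopsis, as an added example that is not part of the original post: a Python check that flags Allow statements granting S3 list/read actions across all buckets. The policy document, its Sids and the bucket name are constructed sample input, and the helper names are hypothetical.

```python
import fnmatch
import json

# S3 actions needed to enumerate buckets and copy their objects, which is
# what "List Buckets" and "Sync" from the AWS CLI depend on.
SENSITIVE = ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject"]

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action, Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def covers_all_buckets(resource):
    """True for "*", "arn:aws:s3:::*", "arn:aws:s3:::*/*" and similar."""
    return resource.split(":::", 1)[-1].startswith("*")

def audit_policy(policy):
    """Return (sid, action, resource) for every Allow statement that grants a
    sensitive S3 action on all buckets. NotAction, NotResource and Condition
    are not evaluated (simplifying assumption for this example)."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt.get("Action")):
            for resource in filter(covers_all_buckets, as_list(stmt.get("Resource"))):
                for action in SENSITIVE:
                    # IAM action names are case-insensitive and allow * and ?
                    if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                        findings.append((stmt.get("Sid", "<no Sid>"), action, resource))
    return findings

# Constructed sample role policy (not Capital One's actual policy).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AppLogs", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::example-app-logs/*"},
  {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
  {"Sid": "ListEverything", "Effect": "Allow",
   "Action": ["s3:List*"], "Resource": ["arn:aws:s3:::*"]}
]}
""")

if __name__ == "__main__":
    for sid, action, resource in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {action} allowed on {resource}")
```

The bucket-scoped "AppLogs" statement passes, while the two wildcard statements are reported once per sensitive action they grant.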