All Articles

The Legal Case for Capital One AWS Security Breach + A Short Synopsys

Posted by CISO Platform on August 5, 2019 at 8:00pm

Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers,1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back however it took some time before the breach was realised, in-fact it took an external tip for Capital One to realise something had happened.

The legal case built was quite interesting. Before I share the legal case link heres a short summary just in-case you dont know all the deatils of the breach.

Short Synopsys Of What Happened:

  • Paige Thompson copied and downloaded 700 different S3 buckets 
  • Paige was able to access a server that had a misconfigured firewall
  • She accessed EC2 Instance in the server through an opening in the firewalls
  • Since the Server's IAM Role permitted the access to S3 of 700+ Buckets, she could access them
  • Now she just ran the "List Buckets" command and the "Sync" command from the AWS CLI

>>Here is a link to the legal case that has been built: Legal Case Link

Learnings From The Breach:

This breach might cost Capital One $150 Millions and on top of that the loss of brand/face ... 

  • Audit your security regularly
  • Monitor misconfigured infrastructure like "open S3 buckets"...etc
Views: 315
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by CISO Platform

Priyanka, Co-Founder and Editor, CISO Platform Breach Intelligence, leads our threat intelligence and incident analysis efforts, providing actionable insights to the global cybersecurity community. With extensive experience in cybersecurity leadership and breach analysis, she specializes in translating complex technical threats into strategic intelligence for security executives.

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

6 City Round Table On "New Guidelines & CISO Priorities for 2025" (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

Dec 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
India
  • Description:

    We are pleased to invite you to an exclusive roundtable series hosted by CISO Platform in partnership with FireCompass. The roundtable will focus on "New Guidelines & CISO Priorities for 2025"

    Date: December 1st - December 31st 2025

    Venue: Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata

    >> Register Here

  • Created by: Biswajit Banerjee

Fireside Chat With Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.)

Jan 10, 2026 from 4:30pm to 5:00pm
Online
  • Description:

    We’re excited to bring you an insightful fireside chat with Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.) and Erik Laird (Vice President - North America, FireCompass). 

    About Sandro:

    Sandro Bucchianeri is an award-winning global cybersecurity leader with over 25…

  • Created by: Biswajit Banerjee
  • Tags: ciso, sandro bucchianeri, nab