Capital One Massive Data Breach

[Pib]

Another massive data breach...this time at Capital One.  

 

https://www.theverge.com/2019/7/29/20746493/massive-capital-one-breach-exposes-personal-info-of-100-million-americans

  Quote

Banking institution Capital One has just revealed that it’s suffered a data breach that exposed the names, addresses, phone numbers, emails, dates of birth, and self-reported incomes of approximately 100 million Americans, and 6 million in Canada, due to a “configuration vulnerability” in the servers of an unnamed cloud computing company hosting the bank’s data.

 

https://www.bbc.com/news/world-us-canada-49159859

 

Quote

 

How many people have been affected?

Capital One is a major credit card issuer in the US and also operates retail banks.

The firm said in a statement released on Monday that the breach affected approximately 100 million individuals in the US and 6 million people in Canada.

The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.

 

 

 

[NCC1701A]

great. i have cap one. this really sucks. should have brought all my money to Thailand.

[Pib]

Yea....I have a couple of Cap1 bank accounts and credit cards.  If it goes the same route as the Equifax data breach settlement Cap1 may need to offer up some free credit monitoring and/or cash settlement to affected customers.

 

Just so many known/publicized and unknown/un-publicized data breaches now days.  And they just seem to be occurring more frequently and getting more massive.  Not simply  affecting a couple thousand or million people but breaches affecting over a 100 million like the Equifax data breach affecting around 140 million....and now this Cap1 data breach affecting around 106 million.  

 

Cloud security isn't all its cracked up to be.  

 

 

[SiamAndy]

It is all about minimizing expenses for the corporations. Having their own properly maintained/secured data centers would be safer but corporate greed always rears its head, hence the move to the cloud and vendors like AWS, Azure, etc.

 

[SiamAndy]

Cloud Advocate

 

Capital One has been one of the most vocal advocates for using cloud services among banks. The lender has said it is migrating an increasing percentage of its applications and data to the cloud and plans to completely exit its data centers by the end of 2020. The move will help lower costs, the company has said.

 

The lender has been the subject of several case studies published by Amazon Web Services that noted the cloud services provider has helped the company develop new technologies faster and improve certain services including its call center.

“We have embraced the public cloud and are well on our way to migrating our applications and data to the cloud,” Chief Executive Officer Richard Fairbank told analysts on a conference call in April. “We are now considered one of the most cloud forward companies in the world.”

[wwest5829]

17 hours ago, Pib said:

Yea....I have a couple of Cap1 bank accounts and credit cards.  If it goes the same route as the Equifax data breach settlement Cap1 may need to offer up some free credit monitoring and/or cash settlement to affected customers.

 

Just so many known/publicized and unknown/un-publicized data breaches now days.  And they just seem to be occurring more frequently and getting more massive.  Not simply  affecting a couple thousand or million people but breaches affecting over a 100 million like the Equifax data breach affecting around 140 million....and now this Cap1 data breach affecting around 106 million.  

 

Cloud security isn't all its cracked up to be.  

 

 

Yep, the technology advances we all enjoy come as a double edged sword. Oops, I am a Cap One Credit Card holder and have used the card regularly here living in retirement. I have been figuring on having to stop my US credit card use with the demand to show money transferred into Thailand. After all, the hotels, restaurants, travel that I charge to the card here with Thai businesses does not go to me as an immigration credit. Hmm, course another approach is to cut back on this spending at Thai businesses. Let’s get ready for the next level of info breach ... the biometrics hacked so that others can present themselves as you ... really.

[Seth1a2a]

18 hours ago, Pib said:

Cap1 may need to offer up some free credit monitoring and/or cash settlement to affected customers.

https://www.capitalone.com/facts2019/

We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.

[rwill]

I use Capitalone but do not have any credit cards.  From what I have read it was credit card applications that were hacked.

[TPUBON]

When I looked at my last statement, they had a notice on the top of the page about the breach. There was also a link you can click on to see if you yourself were effected by this breach. I checked and I wasn't effected.

 

Just like the lottery, 100 million winners and I still can't win. 555555

[Pib]

43 minutes ago, TPUBON said:

When I looked at my last statement, they had a notice on the top of the page about the breach. There was also a link you can click on to see if you yourself were effected by this breach. I checked and I wasn't effected.

 

Just like the lottery, 100 million winners and I still can't win. 555555

What was the closing date of your last statement?   Maybe a closing date after 19 July when Cap1 first began to make the breach public.   Maybe you can post a snapshot.

 

I just looked on both of my credit statements and can't find a link like you are talking about....but both of my statements have a 28 June closing date....July statements not available yet.  And due to a recent change in my address I got a Cap1 notice my closing dates would be changing to by a few days...like to the last day of the month.

[Bangkok Barry]

Isn't it amazing how so many companies/institutions tell you how your privacy is so important to them and they have x security precautions to safeguard your information. And then..... Even the very biggest companies are not able to live up to their promises. If you supply information to anyone, and it is impossible these days not to, then you must be prepared to have that information stolen and perhaps misused. That is life in 2019 and there is nothing anyone seems to be able to do about it.

[kevin612]

Even the federal government loses our data, I am not surprised if banks encounter the same issue.

[Pib]

Regarding your data being "encrypted" on the Cap1 servers which would prevent anyone who stole the data from being able to read it, well, apparently the breach also enabled decrypting of the data.

 

[manchega]

this is for the US mainly, I suspect most of those users provide more of that private information on their facebook and twitter accounts than is taken in a data breach

 

 

 

[manchega]

8 minutes ago, kevin612 said:

Even the federal government loses our data, I am not surprised if banks encounter the same issue.

watch the great hack that demonstrates just how easily manipulated we humans are.  

[Krataiboy]

. . . and the banks want to get rid of cash, take over all our money, and keep only digital records on hackable computers.

 

We must be dumber than they are to go along with this charade.

[RocketDog]

On 7/30/2019 at 1:56 PM, Pib said:

Yea....I have a couple of Cap1 bank accounts and credit cards.  If it goes the same route as the Equifax data breach settlement Cap1 may need to offer up some free credit monitoring and/or cash settlement to affected customers.

 

Just so many known/publicized and unknown/un-publicized data breaches now days.  And they just seem to be occurring more frequently and getting more massive.  Not simply  affecting a couple thousand or million people but breaches affecting over a 100 million like the Equifax data breach affecting around 140 million....and now this Cap1 data breach affecting around 106 million.  

 

Cloud security isn't all its cracked up to be.  

 

 

Security is largely an illusion that is leveraged by institutions and authorities of all stripes to ensure control of the flocks they own and control.

 

Organized religion and authoritarian governments have known and exploited this failure of perception for centuries.

 

My home country, USA, is well down the road of sacrificing its most dear ideals: freedom, liberty, prosperity, right to privacy, and self-respect on the Alter of Security.

[RocketDog]

On 7/31/2019 at 8:47 AM, Seth1a2a said:

https://www.capitalone.com/facts2019/

We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.

Selling trinkets to victims that impact their bottom line next to zero. They have no incentive to improve security when the penalty is so trivial.

 

Want to get their attention?

 

Cancel your card and tell them why.

[elgenon]

On 7/31/2019 at 9:39 AM, TPUBON said:

When I looked at my last statement, they had a notice on the top of the page about the breach. There was also a link you can click on to see if you yourself were effected by this breach. I checked and I wasn't effected.

 

Just like the lottery, 100 million winners and I still can't win. 555555

and you're sure you can trust what they tell you???

[elgenon]

2 hours ago, RocketDog said:

Selling trinkets to victims that impact their bottom line next to zero. They have no incentive to improve security when the penalty is so trivial.

 

Want to get their attention?

 

Cancel your card and tell them why.

I wanted to get my limit increased and they said I needed to use it more. They said no travel notice was now needed. I tried to charge my hotel here and was denied. <deleted>? This is a travel card?

Now the breach while I am here. I have not received notice.

[mooping20Baht]

On 7/30/2019 at 6:56 AM, Pib said:

Yea....I have a couple of Cap1 bank accounts and credit cards.  If it goes the same route as the Equifax data breach settlement Cap1 may need to offer up some free credit monitoring and/or cash settlement to affected customers.

 

Just so many known/publicized and unknown/un-publicized data breaches now days.  And they just seem to be occurring more frequently and getting more massive.  Not simply  affecting a couple thousand or million people but breaches affecting over a 100 million like the Equifax data breach affecting around 140 million....and now this Cap1 data breach affecting around 106 million.  

 

Cloud security isn't all its cracked up to be.  

 

 

 

best to set up credit freezes on the big 3 ,  seems like the whole country  should be receiving the  "free credit monitoring" at this stage,   my understanding is the companies don't even typically tell their customers  when there has been a major  hack ,  so  how many  haven't been publicized

 

re: cloud security,    there is apparently a Billion dollar  bidding process going out  to  M$  or  AWS  for the US Militaries ,   guess this is the latest   "let's give the government to wall street"  iteration

 

https://duckduckgo.com/?q=microsoft+amazon+cloud+us+military+bid&atb=v170-1__&ia=web

 

 

[mania]

14 hours ago, elgenon said:

I wanted to get my limit increased and they said I needed to use it more. They said no travel notice was now needed. I tried to charge my hotel here and was denied. <deleted>? This is a travel card?

Now the breach while I am here. I have not received notice.

 

Yeah what usually happens is you get an immediate email saying is this you on this charge?

You click yes & tell counter rerun & it is fine

 

But yes a hassle & yes they now say no need to tell them your traveling yet ....as you say sometimes problems

[elgenon]

6 hours ago, mania said:

 

Yeah what usually happens is you get an immediate email saying is this you on this charge?

You click yes & tell counter rerun & it is fine

 

But yes a hassle & yes they now say no need to tell them your traveling yet ....as you say sometimes problems

I called the States when I had the problem. Was placed in queue first time I called. I never received an email. Or an apology. Took me 35 minutes to check out. If I had booked a tour or some such I would have been out of luck. I finally went with another card company. Capital One automatically sent me a satisfaction survey, I explained what happened. Never heard back. Still haven't received an email re the data breech. I would say customer service is not their strong point. Other restrictions also make it less attractive for me than my second card.

[Pib]

9 hours ago, mania said:

 

Yeah what usually happens is you get an immediate email saying is this you on this charge?

You click yes & tell counter rerun & it is fine

 

The wife and I have  been using my Cap1 credit cards almost daily in Thailand for at least a half dozen years.   Been used in Thailand probably probably 500 to a 1000  times as I use it almost daily.   Only one time was a transaction blocked when I was paying for some new tires at  PTT/FTT station I use the card at all the time for fuel, maintenance, etc  The transaction was for around Bt12K.  Anyway, the transaction was rejected.  Tried again...still rejected.  I had to use another card from another company.

 

About 15 minutes later I looked at my phone and saw I had an email from Cap1 right at the same time I tried to pay for tires.  And it said something along the same lines of, Is this really you attempting the transaction, yes or no.   I pressed Yes and then I immediately got an email saying my card can now be used as normal again...it was working again.  I confirmed it was working again a few hours later by using it to pay for something.  Never had a problem since. 

 

Now if I had seen that email when the transaction was initially rejected, pressed Yes this is me, and then reran the transaction it would have accepted.  So, if any of my Cap1 cards reject again before I asked to have it rerun I will look at my email.

 

Just something about the transaction that triggered Cap1 to block that particular transaction.

[Pib]

See link for full article. 

 

https://us.cnn.com/2019/08/02/tech/equifax-check-claim-change/index.html

 

Quote

 

Regret your request for $125 from Equifax? You may be able to change your choice

Equifax data breach victims who filed for a $125 settlement check will have an opportunity to change their selection and opt for free credit monitoring instead. The move follows a torrent of consumer requests for cash payments from the embattled credit company.

 

The Federal Trade Commission said Thursday consumers who have already requested their checks — which are meant as subsidies for outside credit monitoring services — will soon be contacted by the third party administrator handling Equifax settlement claims. The administrator will provide consumers with the chance to switch benefits, the FTC said.

 

So many Americans have filed for the cash reimbursements that each individual check is likely to be vanishingly small — "nowhere near" the $125 maximum payment that was held out initially, the FTC said.

 

 

Edited August 3, 2019 by Pib