You can bet when a high-profile breach of this size and sensitive nature hits, the 4iQ team is hard-pressed, delving deep into investigative work. As we help clients and organizations understand how this malicious actor's activities might affect them, one thing is for certain. A whole lot more personal data has been exposed. Paige Thompson herself made it clear on the #netcrave Slack channel that Capital One wasn't the first and only hack. Tens of gigabytes of data from companies like Ford, Vodaphone, and more.
Let's consider the fact that while she used Tor and a VPN for anonymity, she also left very public trails of her activities. As the "Why" part of the story continues unfolds, I can't help but pause and think about how many malicious hackers with the same capabilities are out there quietly exfiltrating sensitive data from numerous companies and organizations. I don't have to go far for those answers. Seeing the influx of breached data from 4iQ's intelligence perspective gives me a pretty good idea.
But the worry starts there, as I then imagine all the ways breached data is leveraged, with unsuspecting victims at serious risk. At least customers of CapitalOne know (or will soon know) what has happened, and the company will help with preventative measures to protect them.
As the buzz continues, I can't help but worry more about the breaches and leaks that quietly come and go unrecognized and unreported. And what we can do together as a community to fight data breaches related crimes.
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms. What follows is a closer look at the accused, and what this incident may mean for consumers and businesses. On July 29, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server affecting approximately 100 million people in the United States and six million in Canada. Data included approximately 140,000 Social Security numbers and around 80,000 bank account numbers on U.S. consumers, and roughly 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.