Capital One Breach: Q&A with Cytelligence CEO Daniel Tobok

In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers’ accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information.

Cytelligence CEO Daniel Tobok investigates what we know so far and what we can learn from this breach.

  1. Do we know what really happened during this breach?

Daniel Tobok: Unfortunately, it will take some time for the real truth to come out on what actually occurred. The FBI has been all over this, and of course, they made their arrest and have their evidence, but we still don’t know the facts.

  2. Reports say that she was an employee of Amazon. How does that impact the breach?

Daniel Tobok: We do know that she was an employee several years ago. It does mean that she could potentially have grabbed that information during her tenure at Amazon. She also could have left herself a backdoor which she was able to come in and out of undetected because Capital One is still using the cloud service from Amazon.

  3. In your experience, do you see many companies unknowingly having network misconfigurations?

Daniel Tobok: The unfortunate part today is that about 38% of all breaches occur because of misconfiguration on a network: it can be firewalls, it can be misconfigured systems or badly configured security. So it does happen more than you know, more than everybody thinks.

We also need to understand that on average, a bank could have thousands of various servers, and thousands of firewalls and devices. Unless somebody is auditing every device every single week or month, it’s almost like looking for a needle in a haystack. So there is a possibility of a misconfigured firewall sitting somewhere with one single port open out of thousands.

  4. What surprises you about what we know about the breach so far?

Daniel Tobok: With over 24 years in cyber breach investigations, when I hear that somebody came in through a misconfiguration of a firewall, it makes me take a pause and dig deeper. While there is a way to get in through a misconfigured firewall, you do not have access to data through a misconfigured firewall; you really have access into a network. To put this in a nontechnical way, it is a way in, but it still wouldn’t give access to those particular files that are sitting on servers.

  5. How do you think she gained access while at Amazon?

Daniel Tobok: I don’t know exactly the time when she did it and I think we won’t know this for quite a while. But while she was there, she learned about the configuration of this particular client. Knowing this, it was very easy for her to compromise that system.

So, I’ll give you an example. When you look at threat actors/cybercriminals who are trying to hack into a facility, they have to spend quite a bit of time gathering intelligence and reconnaissance in order to know the buttons to push and where to actually apply pressure to break in. When you have a personal understanding from the inside, even if the information was a little stale, you still know more than the average person. With her expertise and her background, she can easily utilize that and leverage it into an attack.

  6. Do you think that other institutions are going to examine their security to ensure they aren’t the next big breach?

Daniel Tobok: Unfortunately, I don’t think other financial institutions are going to be doubling up on security, but I do think it’s going to be a conversation for the boardroom. What we’ve seen at Cytelligence, with some of the largest breaches in our history happening over the past 12 months, is that organizations aren’t acting as they should. One big example is that we still have a lot of data that is not encrypted; it’s just floating out there. And that’s a very big problem.

When you look at some of the biggest breaches we’ve had, like Equifax, there have been millions of records that have been compromised. At this point, we see one in every five people in North America have their data compromised in one way or another. Between retailers and banking institutions, our data is out there, and we have no control of the institution that has our data and their security posture.

  7. What do you think organizations can do to mitigate this risk going forward?

Daniel Tobok: Unfortunately, breaches have become a norm, as we’ve had about five to six large breaches over the last 12 months. I think people are just getting normalized to the idea, and I think that’s wrong. It’s important to be demanding of those organizations that keep consumer data to go above and beyond their duties to protect it by any means possible. Because at the end of the day, the onus is on them to protect our data as consumers and people.

What’s next?

As the story develops, we will be updating our Q&A above. Don’t forget to watch Daniel Tobok on various media outlets near you.