
Capital One Data Breach 2019

Around 30 GB of data was breached. It is estimated to consist of around 140,000 Social Security numbers (SSNs), 80,000 bank account numbers of US consumers, and around 1 million Social Insurance Numbers (SINs) of Canadian credit card consumers.

3 LESSONS FROM THIS BREACH
------------------------------------------------------

1. The AWS S3 bucket in this breach was not publicly exposed. So, contrary to popular belief, major data breaches are not limited to AWS S3 buckets that are misconfigured and publicly exposed. Think beyond security tools that perform configuration checks.

2. The data in this breach was exfiltrated using the sync command, which internally uses APIs. Modern Internet applications are driven by APIs and, as this breach shows, today's Web Application Firewall (WAF) is not the best tool for securing APIs. Think beyond authentication and authorization, as today's threats are ONLY about Data.

3. This data breach was reported to Capital One via its responsible disclosure email. Capital One did not have the right set of tools to provide visibility and discovery. Think beyond reactive response and look towards tools that provide visibility and discovery, which will lead to a better understanding of your Data movement.
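To make lessons 2 and 3 concrete, here is an added example (not from the original page) of one way to gain visibility into sync-style data movement: it scans object-access records for a principal that lists a bucket and then reads many objects from it. The record layout, principal and bucket names, and thresholds are constructed assumptions, not a real log schema.

```python
from collections import defaultdict

# Constructed sample records. Field names (principal, bucket, op, key,
# bytes_out) are assumptions for this example, not a real log format.
SAMPLE_EVENTS = (
    # An application reading single objects it already knows by key.
    [{"principal": "role/web-app", "bucket": "customer-data", "op": "GetObject",
      "key": "forms/a.json", "bytes_out": 2_000}] * 3
    # A principal that enumerates the bucket, then pulls every object.
    + [{"principal": "role/service-x", "bucket": "customer-data", "op": "ListObjects"}]
    + [{"principal": "role/service-x", "bucket": "customer-data", "op": "GetObject",
        "key": f"apps/{i}.csv", "bytes_out": 300_000} for i in range(6)]
    # A principal that lists but reads only one small object.
    + [{"principal": "role/backup-check", "bucket": "customer-data", "op": "ListObjects"},
       {"principal": "role/backup-check", "bucket": "customer-data", "op": "GetObject",
        "key": "manifest.json", "bytes_out": 500}]
)


def find_bulk_reads(events, min_objects=5, min_bytes=1_000_000):
    """Flag (principal, bucket) pairs that list a bucket and then read many
    distinct objects from it, the access pattern a sync-style copy produces."""
    stats = defaultdict(lambda: {"listed": False, "keys": set(), "bytes": 0})
    for ev in events:
        s = stats[(ev["principal"], ev["bucket"])]
        if ev["op"] == "ListObjects":
            s["listed"] = True
        elif ev["op"] == "GetObject" and s["listed"]:
            # Count only reads that follow a listing by the same principal.
            s["keys"].add(ev["key"])
            s["bytes"] += ev.get("bytes_out", 0)

    findings = []
    for (principal, bucket), s in sorted(stats.items()):
        if len(s["keys"]) >= min_objects and s["bytes"] >= min_bytes:
            findings.append({"principal": principal, "bucket": bucket,
                             "objects": len(s["keys"]), "bytes_out": s["bytes"]})
    return findings


if __name__ == "__main__":
    for finding in find_bulk_reads(SAMPLE_EVENTS):
        print(finding)
```

None of the requests in the sample would trip a public-exposure configuration check, which is why the signal here is the volume and shape of authorized API calls rather than the bucket's settings.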
