Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Capital One Breach Casts Shadow Over Cloud Security

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 1 Aug 2019 10:45:01 +0000 (UTC)
https://www.wsj.com/articles/capital-one-breach-casts-shadow-over-cloud-security-11564516541

By Robert McMillan
The Wall Street Journal
July 30, 2019
One of the highest-profile hacks of consumer-banking data has sent financial institutions scrambling to figure out how millions of records at one of the biggest proponents of cloud-computing were exposed.
Capital One Financial Corp., the fifth-largest U.S. credit-card issuer, said Monday that information of roughly 106 million card customers and applicants was exposed in one of the largest data breaches of a big bank.
The data was stored on Amazon.com Inc.’s cloud, according to a federal criminal complaint and people familiar with the matter. The avenue of entry, the companies and investigators said, was a poorly configured firewall -- a mechanism designed to wall off privately operated digital systems -- that a hacker breached.
Both companies say controls around the data, rather than use of the cloud, were the problem. Still, the data was stored in the cloud, raising questions about whether Capital One put insufficient safeguards in place to lock down customer records when it adopted cloud technology. And the accused hacker’s tenure as a former employee of Amazon’s cloud business highlights the risk -- previously little appreciated -- of an insider threat. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: