They stole $18 million of Bitcoin and $15 million of Ethereum. The attack took place on January 17th, and targeted nearly 500 people’s cryptocurrency wallets.

Despite the blockchain being a relatively secure transaction method, the thieves used a pretty simple method to get the job done: they circumvented the site’s two-factor authentication (2FA).

Had tokenization been applied across the full regulated data set, this breach would have been a non-event,” he said.

Cryptocurrency is big business, so it’s no wonder that was subjected to a serious breach at the start of 2022.

That same report quotes Mark Bower, vice-president of comforte AG, who said that the case “mirrors how we’ve seen industry regulators rip into ineffective controls over data protection.”

Bower said that “the signal is very clear: the often referenced shared responsibility cloud model means naught when it’s your data… what’s very surprising about this breach is, per Capital One’s prior announcements, only a fraction of the regulated data was properly tokenized and the rest accessible under attack.

Reed continues to explain that the fine “underlines the expectation that organisations demonstrate best security practice at all times.” It is also a reminder of the potential challenges of migrating data from physical IT to the cloud, something that more and more organisations are seeking to do.”

Stuart Reed, the UK director of Orange Cyberdefense, has told Infosecurity Magazine that “the fine handed out to Capital One is another stark reminder of the financial implications of failing to fully assess cybersecurity risk.
They concluded by stating that Capital One is aiming to meet “the highest standards of protection for its customers.”

They added that “in the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”

Part of these risk-management changes will see Capital One create a compliance committee by the end of the month, which will meet on a quarterly basis, and will create an action plan derived from improved cybersecurity policies and risk-based thinking in terms of their IT system.

A spokesperson from Capital One has told CNN Business that “safeguarding our customers’ information is essential to our role as a financial institution.”

Interestingly, that report mentions that “before the hack was made public, Capital One employees had raised concerns about what they saw as a high turnover in its cybersecurity unit and a failure to promptly install some software that could have helped to spot and defend against hacks.”

Thompson has pleaded not guilty to the charges, and her trial is set to take place some time next year.

According to a report from the Wall Street Journal, “consent orders from the OCC and the Federal Reserve also required the bank to make risk-management changes and beef up its cybersecurity defenses.”

Prosecutors say that Thompson exploited a “configuration vulnerability” that allowed her to view Capital One customers, as well as their private information, which she posted online.

That led federal investigators to Paige Thompson, a former cloud engineer who worked at Amazon, who was charged with computer and wire fraud.

Reports state that while the data breach occurred in March and April of 2019, the bank itself wasn’t aware of the breach until mid-July, when someone tipped the company to an online file stored on GitHub.