Capital One breach raises doubts over cloud security

Credit card company Capital One revealed on Monday the 29th of July that information on over 106 million of its customers had been exposed in one of the largest banking breaches ever. [1]

The breach took place on the 19th of July and exposed the data of mainly US and Canadian customers applying for credit cards between 2005 and 2019. These included individuals and small businesses. Data exposed includes names and addresses, dates of birth, credit scores, social security numbers, transaction data and linked bank account details.

Capital One responded well, making a responsible disclosure of the breach and reporting to the authorities within two days of it being discovered. This highlights the need for companies to have robust procedures in place for dealing with data breaches.

What is more worrying is that the cause of the breach was a misconfiguration on systems hosted at a cloud provider. The data was stored on Amazon’s servers and the hacker gained entry via a poorly configured firewall. The attacker has been arrested but was only caught after she boasted about the breach on an online forum.

Questions raised

The person responsible for the attack has been revealed to be a former employee of Amazon’s cloud business, which raises questions about the risks of insider threats when it comes to protecting data. While there is no suggestion that insider access was involved here, it highlights the fact that customers of cloud services may not know who has access to their systems at an administrative level.

According to Amazon, the problem was not related to the cloud system itself. However, Capital One’s misconfiguration of its cloud security is also concerning and has led to a scramble by other financial institutions to make sure that they are not similarly exposed. [2]

There are also doubts surrounding the company’s use of encryption. This should have prevented the data being accessed in a readable form even if someone gained access to the servers where it was stored.

Cloud attractions

Capital One has been an AWS customer since 2014. It’s easy to see why public cloud services are attractive to large organisations. It’s quick and easy to spin up a new server in the cloud when extra capacity is required. But this convenience is offset by the fact that it becomes easy to overlook configuration problems that can lead to systems being exposed.

Amazon is aware of the problem and has introduced technologies to make errors easier to identify and fix. [3] Indeed, Capital One has said that the fact the data was in the cloud helped it to respond more quickly to the breach than if the data had been held on in-house systems.

What next?

Capital One is working to notify customers whose data may have been exposed in the breach. To prevent further exposure, it has also taken steps to fix the exploit used. It has set aside $150 million to cover expenses arising from the breach. However, any potential fines from regulators are likely to be in addition to this.

Credit agency Equifax, for example, recently reached a $700 million settlement over its 2017 hack that exposed over 140 million records, and the UK Information Commissioner is set to levy a record £183.4 million fine on British Airways following 2018’s breach.

Nonetheless, this is worrying for the bank’s customers. Over the coming weeks, it’s important to be alert to emails or phone calls from scammers posing as Capital One or as government agencies seeking banking or other personal information. Capital One customers should also keep a close eye on their statements and credit reports for any unusual activity.

At Cloudworks, security is at the core of what we do. If you are adopting cloud technology, or are thinking about it, we ensure the most effective security controls are in place before migrating to the cloud. We continuously monitor our clients’ cloud infrastructure to ensure it is secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.

Call us on 0115 824 8244 or email info@cloudworks.co.uk

[1] https://www.bbc.co.uk/news/world-us-canada-49159859
[2] https://www.wsj.com/articles/capital-one-breach-casts-shadow-over-cloud-security-11564516541
[3] https://aws.amazon.com/macie/?mod=article_inline