UPDATED 23:42 EST / JULY 30 2019

SECURITY

Capital One data breach raises questions about privacy and cloud security

The day after multibillion-dollar financial services company Capital One Financial Corp. disclosed that more than 100 million customers records had been stolen via a poorly secured cloud instance, new ramifications keep on emerging.

Now, concerns are being raised in regard to both privacy and cloud security. That’s all the more so because it’s still unknown if all the data was sold or shared online, raising serious concerns for customers when it comes to identity theft.

“The Capital One breach is one of the biggest data breaches ever,” Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., told SiliconANGLE. “When armed with payment card information and personally identifiable information, malicious parties can make fraudulent purchases, sell said data on the dark web for a quick profit, and much more. While it is unknown if the information was used for fraud purposes, Capital One should still take the proper steps to mitigate potential damages and offer credit protection services to anyone affected.”

Indeed, “the risk of a breach is higher than ever before for financial institutions, said Felix Rosbach, product manager at data protection firm comforte AG. “Those breaches create a lot of stress on both the issuer’s side and on consumers as fraud is easy to commit with stolen account information. Classic defenses like firewalls only protect you from known attack methods and often fail when it comes to insider threats.”

A spokesperson for FileCloud added that the Capital One data breach is all the more rich given the company’s stance when it comes to cloud adoption. “Capital One has been a vocal champion of moving its data into the public cloud and it will be interesting to see how much of an impact their security protocols had in making this data more susceptible to this type of malicious attack,” the spokesperson said.

Looking at the broader picture, Chet Wisniewski, principal research scientist at Sophos Group plc says that it appears this is another example of a trend in data loss incidents that are becoming increasingly commonplace recently.

“Supply chain security is a critical component for information security and as organizations embrace cloud technology, they need to understand and address the inherent risks to information stored there,” Wisniewski explained. “Securing every aspect of the supply chain has never been more important, and that not only includes the physical and software components of information systems, but also staff and the staff of those who provide you with the services needed to deliver your product.”

Photo: Tdorante10/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU