Security News > 2021 > April > Capital One notifies more clients of SSNs exposed in 2019 data breach

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019.

The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One's AWS cloud servers.

While the breach notification letters might seem out of place almost two years after the incident, they were prompted by new findings while analyzing data stolen during the 2019 security breach.

After re-analyzing the stolen data using new tools, the bank discovered that the hacker did gain access and stole some of its customers' SSNs. "Immediately after the 2019 data security incident, we conducted an analysis with the assistance of an external third-party expert to determine what information was accessed by the unauthorized individual," Capital One said.

"Recently, Capital One re-examined the files that were impacted by the 2019 data security incident using new and more advanced tools. As part of this analysis, we determined that your Social Security number was among the data to which the unauthorized individual gained access."

According to Capital One, the bank notified customers of this additional exposed personal information even though there is no evidence that it was disseminated or used for fraud.

News URL

https://www.bleepingcomputer.com/news/security/capital-one-notifies-more-clients-of-ssns-exposed-in-2019-data-breach/