Security News

DoJ ‘very disappointed’ with probation sentence for Capital One hacker Paige Thompson
2022-10-05 05:31

Convicted wire fraud perpetrator Paige Thompson has been sentenced to time served and five years of probation with location and computer monitoring, prompting U.S. Attorney Nick Brown to label the sanctions unsatisfactory. Thompson infamously raided cloud storage buckets operated by financial services company Capital One and made off with over 100 million individuals' personal information, in addition to other data heists.

Capital One identity theft hacker finally gets convicted
2022-06-21 18:24

Capital One Financial Corporation announced that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers. As you will notice from the OCC's remarks above, the breach ultimately came down to poor cloud security, with data apparently exposed due to being shifted from a privately-controlled data store into the cloud.

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach
2022-06-21 06:05

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "Erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer and damaging a protected computer.

Capital One: Convicted techie got in via 'misconfigured' AWS buckets
2022-06-20 13:32

The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants was swiped from the financial giant's misconfigured cloud-based storage. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "Misconfigured web application firewall."

Capital One notifies more clients of SSNs exposed in 2019 data breach
2021-04-02 15:46

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One's AWS cloud servers.

Former Roommate of Accused Capital One Hacker Sentenced
2020-10-15 18:37

The former roommate of a woman accused of hacking Capital One banking company and at least 30 other organizations has been sentenced to four years in prison for illegally possessing firearms, according to federal prosecutors. Park Quan, 67, was sentenced Wednesday in U.S. District Court in Seattle after pleading guilty to being a felon in possession of guns, according to U.S. Attorney Brian Moran.

Capital One Fined $80 Million in Data Breach
2020-08-07 11:31

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank's credit card holders. The Comptroller of the Currency said in a consent order Thursday that Capital One failed in 2015 to establish effective risk management when it migrated information technology operations to a cloud-based service.

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
2020-08-07 05:33

A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million American credit card applicants. According to a press release published by the OCC on Thursday, Capital One failed to establish appropriate risk management before migrating its IT operations to a public cloud-based service, which included appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts.

Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hack
2020-08-07 01:22

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada. "The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

New Android Malware Targets PayPal, CapitalOne App Users
2020-04-30 14:40

An Android mobile malware has been uncovered that steals payment data from users of popular financial apps like PayPal, Barclays, CapitalOne and more. EventBot is not currently on the Google Play app marketplace, but researchers said the malware is nonetheless masquerading as legitimate applications.