
Why the Capital One breach is unlike any other major hack

CNBC, 7/30/2019, Kate Fazzini

Capital One is dealing with what will likely be one of the most important breaches of the year.

The incident involved the theft of more than 100 million customer records, including 140,000 Social Security numbers and 80,000 linked bank account numbers of Capital One customers, allegedly taken by a single insider, according to court filings in Seattle.

The details set it apart from breaches of companies like Equifax and Marriott, which were attacked from the outside by criminals with a nation-state connection. It's also different from the spate of ransomware attacks against major U.S. cities, which were likely committed by groups of individuals outside the U.S.

Instead, according to the court filing against Paige Thompson, she exploited a misconfigured firewall on a Capital One cloud server to reach the information.

Thompson had several social media accounts listing experience as an engineer at Amazon. Even if Thompson had worked at Amazon, that employment may not have been a factor in the incident.

Amazon Web Services "was not compromised in any way and functioned as designed," Amazon said in a statement, adding that the cause of the breach was a misconfiguration of firewall settings on the cloud server, which Capital One managed, and not a vulnerability in the underlying cloud infrastructure. Under the cloud shared-responsibility model, how a firewall running on a customer's instance is configured is the customer's job, not the provider's.

The incident, which is still unfolding, raises questions facing the biggest tech companies, cloud firms and banks: how to control who has access to sensitive consumer data, and how to detect insiders who may go rogue.

An unlikely scenario

In many ways, it is the nightmare scenario for a large company. Banks like Capital One have in recent years become much more adept at protecting against outside threats that target sensitive personal data. But protecting against a single individual with even a modicum of access and the intent to misuse it can be much harder.

According to the court filing, Thompson exploited a misconfigured firewall on a cloud server used by Capital One. She allegedly connected through Tor, which anonymizes a person's online activity, to gain this access, and also used a virtual private network service known as IPredator to further obscure her activity.

All of these factors, combined with the possibility of insider knowledge, mean this incident will be closely watched by cybersecurity professionals and banks, particularly to see whether there was any way Capital One could have avoided the incident under the circumstances.
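The article says only that a firewall on the cloud server was misconfigured. The following is an added example, not code from the article, from Capital One or from AWS, illustrating the misconfiguration class most often discussed in incidents of this kind: a server-side component (a web application firewall, proxy or health checker) that forwards client-chosen URLs and can therefore be pointed at the EC2 instance metadata address 169.254.169.254, where an instance's IAM role credentials are served to any local process. Whether that is what happened here is an assumption of the example, not a claim about the court filing. The fetch helper, the allowlist, the role name `example-waf-role`, the DNS table and the key material are all constructed for the illustration; the metadata service and DNS are simulated with dictionaries so the script runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# EC2 serves instance metadata, including IAM role credentials, at this
# link-local address to any process running on the instance.
METADATA_IP = "169.254.169.254"

# Constructed stand-in for the metadata service. Role name and keys are made up.
FAKE_METADATA = {
    "/latest/meta-data/iam/security-credentials/": "example-waf-role\n",
    "/latest/meta-data/iam/security-credentials/example-waf-role":
        '{"AccessKeyId": "ASIAEXAMPLEKEY", "SecretAccessKey": "example", "Token": "example"}',
}

# Constructed DNS table. A real fetcher resolves and checks every A/AAAA record.
FAKE_DNS = {
    "status.example.com": "11.22.33.44",        # routable address for the allowlisted host
    "metadata.attacker.example": METADATA_IP,   # attacker-controlled name pointing at link-local
}


class BlockedTarget(ValueError):
    """Raised by the hardened fetcher when a URL fails policy."""


def resolve(hostname):
    """Return the address for a literal IP or for a name in the constructed table."""
    try:
        return ipaddress.ip_address(hostname)
    except ValueError:
        return ipaddress.ip_address(FAKE_DNS[hostname])  # KeyError for unknown names


def fake_http_get(url):
    """Simulated transport: only the metadata address returns anything sensitive."""
    parts = urlsplit(url)
    if str(resolve(parts.hostname)) == METADATA_IP:
        return FAKE_METADATA.get(parts.path, "404 Not Found")
    return "200 OK from " + parts.hostname


def fetch_vulnerable(url):
    """The misconfiguration: forward whatever URL the client supplied."""
    return fake_http_get(url)


ALLOWED_HOSTS = frozenset({"status.example.com"})


def fetch_hardened(url, allowed_hosts=ALLOWED_HOSTS):
    """Deny by default: http(s) only, allowlisted host, and the host must resolve
    to a routable address (rejects 169.254.0.0/16, RFC 1918, loopback, etc.)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedTarget("unsupported URL: " + url)
    if parts.hostname not in allowed_hosts:
        raise BlockedTarget("host not on allowlist: " + parts.hostname)
    try:
        addr = resolve(parts.hostname)
    except KeyError:
        raise BlockedTarget("unresolvable host: " + parts.hostname)
    if (addr.is_link_local or addr.is_private or addr.is_loopback
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        raise BlockedTarget("%s resolves to non-routable %s" % (parts.hostname, addr))
    return fake_http_get(url)


def is_blocked(url, allowed_hosts=ALLOWED_HOSTS):
    """True if the hardened fetcher refuses the URL."""
    try:
        fetch_hardened(url, allowed_hosts)
        return False
    except BlockedTarget:
        return True


CRED_URL = "http://%s/latest/meta-data/iam/security-credentials/example-waf-role" % METADATA_IP

if __name__ == "__main__":
    print("vulnerable fetcher returned:", fetch_vulnerable(CRED_URL))
    for url in (CRED_URL, "http://metadata.attacker.example/latest/meta-data/",
                "file:///etc/passwd", "http://status.example.com/health"):
        print(url, "->", "blocked" if is_blocked(url) else "allowed")
```

Two caveats a practitioner would add. First, checking the resolved address and then connecting by name leaves a window for DNS rebinding; production code should connect to the address it checked. Second, the allowlist is only the first layer: on the instance itself, requiring the session-token variant of the metadata service (IMDSv2, which AWS introduced in November 2019, after this article was written) means a plain forwarded GET returns nothing, and granting the instance role only the permissions its task needs, rather than read access across customer data buckets, limits what leaked credentials can do.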

"Capital One had some good security practices in place," said Sam Curry, chief security officer of cybersecurity company Cybereason. "As a positive, they made an arrest quickly and there is a chance to minimize damage. Normally, it's months, years or never in terms of arrests and accountability of the criminals. Finding things sooner in the life cycle always limits the impact and damage to the innocent."
