Data Breach Omnibus Thread

Posted: Tue Jul 30, 2019 4:42 pm
by dualstow
‘Cos every forum needs one.

We have four Capital One cards in our household, used daily.
Darn.

Re: Data Breach Omnibus Thread

Posted: Tue Jul 30, 2019 5:25 pm
by Xan
If it's any comfort, they caught the guy who did it.

Re: Data Breach Omnibus Thread

Posted: Tue Jul 30, 2019 6:23 pm
by dualstow
It’s a she, right? Paige Adele Thompson. (looks male, though)
Not much consolation if people apply for credit in my name, but yeah, I’m glad she’s been caught.

Re: Data Breach Omnibus Thread

Posted: Tue Jul 30, 2019 7:23 pm
by Xan
dualstow wrote:
Tue Jul 30, 2019 6:23 pm
It’s a she, right?
Depends how you define "is". Or "she". One or the other.

Re: Data Breach Omnibus Thread

Posted: Tue Jul 30, 2019 10:07 pm
by ochotona
Just plain ugly

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 6:48 am
by WiseOne
Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.

Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about.

I'm also fairly impressed with Capital One's handling of the situation. They put Equifax to shame.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 7:36 am
by jacksonM
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 8:52 am
by dualstow
I love that the chair of Cap One is named Mr Fairbank. He was born for this.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 9:09 am
by Xan
WiseOne wrote:
Wed Jul 31, 2019 6:48 am
Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.
Well, at first I thought it was interesting that it was a woman. First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 10:04 am
by dualstow
Xan wrote:
Wed Jul 31, 2019 9:09 am
First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.
You're saying Thompson is transgender, then. That would explain the confusion.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 10:14 am
by ochotona
jacksonM wrote:
Wed Jul 31, 2019 7:36 am
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 10:48 am
by jacksonM
ochotona wrote:
Wed Jul 31, 2019 10:14 am
jacksonM wrote:
Wed Jul 31, 2019 7:36 am
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.
Yes, that's a good point. There were several data breaches at the company I worked for and at least two of them were inside jobs. In one case a database administrator simply copied data to a thumb drive and carried it out of the building (that one made the headlines). I think he just got out of jail. In the other case, someone removed all limits on ATM withdrawals resulting in about $20-40 million in losses. Cost a friend of mine who was the CIO his job. Don't know if they ever caught the person responsible.

This was one of the reasons they were considering moving to the cloud - the other being cost of hardware and all the upgrades that would have to be made to tighten security.

I guess I'm just a control freak because if it was my decision I'd rather not turn things over to a company I have no control over.

I believe I read the government is going to use Amazon cloud storage (I think it was even the Pentagon). In that case, Amazon may very well do a better job of it.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 12:15 pm
by dualstow
WiseOne wrote:
Wed Jul 31, 2019 6:48 am
...

Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about....
My parents got hit with identity theft over a year ago and they're still finding it difficult to move on.

I mean, they're mostly taking all the right measures. I helped them with passwords. They've filed reports with the authorities (who didn't care). I think they got their money back in every instance except for some Amazon purchases. Amazon originally said they would refund the amount and then, inexplicably, changed their mind.

Every morning, seven days a week, my Dad checks to see if any new lines of credit have been opened in his name, and things like that. Because 20 different things like that have happened so far. His address was changed at the post office for mail forwarding (no password required!). New credit cards were opened at places that my father called and warned them about: I'm looking at you, USAA. Loans were begun...
We even know the address where the crook was receiving his goods from Amazon and have informed the FBI. No joy.

We think it was Equifax and not an error on my dad's part, but they're doing everything they can to not make this worse. Will probably never move on.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 5:42 pm
by dualstow
...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.

Re: Data Breach Omnibus Thread

Posted: Wed Jul 31, 2019 10:32 pm
by Tortoise
dualstow wrote:
Wed Jul 31, 2019 5:42 pm
...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.
“What’s in your wallet?”

Someone else’s Capital One card! >:D

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 6:56 am
by WiseOne
Dualstow, so sorry to hear about your dad's travails. I would never have thought of the post office mail forwarding issue!!!

Instead of checking credit daily and fighting new loans as they pop up, why not have your dad freeze his credit? All those credit cards and loans must be a nightmare, but the freeze should prevent any new ones from happening.

And how exactly did the identity info allow the perpetrators to buy on Amazon under your dad's account? Did they get his password, or did they set up an account linked to one of his credit cards? Password is an easy fix. For the credit card, contact the credit card company, dispute the charges/report the fraudulent use, and change the card # or close the account. And contact Amazon to have them close the fraudulent account - you did that already, I expect.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 7:28 am
by dualstow
Tortoise wrote:
Wed Jul 31, 2019 10:32 pm
dualstow wrote:
Wed Jul 31, 2019 5:42 pm
...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.
“What’s in your wallet?”

Someone else’s Capital One card! >:D
O0
I think on CNBC they said something to the effect of, they won’t be rerunning that ad anytime soon.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 7:40 am
by dualstow
WiseOne wrote:
Thu Aug 01, 2019 6:56 am
Dualstow, so sorry to hear about your dad's travails. I would never have thought of the post office mail forwarding issue!!!

Instead of checking credit daily and fighting new loans as they pop up, why not have your dad freeze his credit? All those credit cards and loans must be a nightmare, but the freeze should prevent any new ones from happening.

And how exactly did the identity info allow the perpetrators to buy on Amazon under your dad's account? Did they get his password, or did they set up an account linked to one of his credit cards? Password is an easy fix. For the credit card, contact the credit card company, dispute the charges/report the fraudulent use, and change the card # or close the account. And contact Amazon to have them close the fraudulent account - you did that already, I expect.
WiseOne, the mail thing was the craziest, but believe me there was fierce competition. O0
How: it started with a little social engineering. Getting the cell number transferred to another carrier without ever touching the physical phones. I have read both on forums and elsewhere that it’s fairly common to have a complicit employee at a cell company.

From there, accepting one-time PINs from all kinds of sites, including gmail. One year later, after just a few minutes or hours trying to wrest control of gmail from the thief and seeing it taken back, everyone is frozen out of the account. 100 documents lost, except those that were downloaded for offline preservation.

The only mistake he really made was not to tackle Amazon on time. I specifically told him to check his order history as soon as he told me his phone and email were hacked. He didn’t do it until I showed up in person. Actually, I did it and read it aloud to him. So there’s your answer: his account. But, I get it. He’s an octogenarian and he was shaken. Already had medical stuff going on in the family that was stressing him out, and other things, and then the hacker hit him where it counts.

Yup, he and I did what you said and much, much more. It’s been a journey.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 8:55 am
by ochotona
dualstow wrote:
Thu Aug 01, 2019 7:40 am
How: it started with a little social engineering. Getting the cell number transferred to another carrier without ever touching the physical phones. I have read both on forums and elsewhere that it’s fairly common to have a complicit employee at a cell company.
Two-factor using mobile phones is a semi-weak link! Which is why I use the app authenticator for both Fidelity and Schwab. For institutions where I rely on mobile phone for 2FA, I just enable every damn security alert possible by email and text, and plan to jump like OJ Simpson running through the airport for his Avis Car if I ever get one.

My credit reports are frozen...

I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 6:19 pm
by Tortoise
ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 7:44 pm
by dualstow
Tortoise wrote:
Thu Aug 01, 2019 6:19 pm
ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.
You know what’s funny, though? All the stuff that is a pain in the butt for law-abiding citizens is a walk in the park for slick criminals. My folks were asked to bring in paperwork no fewer than three times to renew their drivers’ licenses, but the crook got a copy of my dad’s just like that. Probably told them he misplaced his. Never mind that he had it sent to a totally different city.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 8:35 pm
by ochotona
Tortoise wrote:
Thu Aug 01, 2019 6:19 pm
ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.
They mail the PIN to your home address, so if your physical mail is secure, you're ok.

Re: Data Breach Omnibus Thread

Posted: Thu Aug 01, 2019 8:54 pm
by Tortoise
dualstow wrote:
Thu Aug 01, 2019 7:44 pm
You know what’s funny, though? All the stuff that is a pain in the butt for law-abiding citizens is a walk in the park for slick criminals. My folks were asked to bring in paperwork no fewer than three times to renew their drivers’ licenses, but the crook got a copy of my dad’s just like that. Probably told them he misplaced his. Never mind that he had it sent to a totally different city.
Ah yes, the beauty of social engineering. If 99/100 gatekeepers strictly enforce the rules, but 1/100 bends the rules a little if asked the right way, just focus your efforts on finding that one weak gatekeeper and you’re in. The weakest link. :-\

Re: Data Breach Omnibus Thread

Posted: Sun Aug 04, 2019 6:39 am
by WiseOne
Yikes dualstow, your poor dad!! So glad you were there to help. That was one thorough thief you were dealing with. Email, mail, online accounts all at the same time???

I didn't get the invite for the IRS PIN and I don't live in one of the listed states, so I have to protect my tax return the old-fashioned way: File as early as possible. There's still a window where a thief could get in ahead of me, but at least it reduces the chances. I wish the IRS wouldn't accept returns until after the banks and brokerages cough up their 1099-divs. It's also annoying that TurboTax won't import them for at least a week after the forms are available online, so this past year I manually entered the last one.

Re: Data Breach Omnibus Thread

Posted: Sun Aug 04, 2019 7:06 am
by ochotona
Anyone who has been the victim of a data breach may get an IRS PIN. You don't have to be invited. Just put "Equifax breach" as the reason.