Data Breach Omnibus Thread
Moderator: Global Moderator
‘Cos every forum needs one.
We have four Capital One cards in our household, used daily.
Darn.
“As a white person of colour, I am extremely concerned about the rise of black whiteness.” — Titania McGrath
pariah — 1610s member of a low caste in S. India; Tamil (Dravidian) “drummer”, as members of the lowest caste played drums at festivals. “social outcast,” 1819.
Re: Data Breach Omnibus Thread
If it's any comfort, they caught the guy who did it.


Re: Data Breach Omnibus Thread
It’s a she, right? Paige Adele Thompson. (looks male, though)
Not much consolation if people apply for credit in my name, but yeah, I’m glad she’s been caught.
Re: Data Breach Omnibus Thread
Just plain ugly
Re: Data Breach Omnibus Thread
Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.
Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about.
I'm also fairly impressed with Capital One's handling of the situation. They put Equifax to shame.
Re: Data Breach Omnibus Thread
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.
We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
Re: Data Breach Omnibus Thread
I love that the chair of Cap One is named Mr Fairbank. He was born for this.
Re: Data Breach Omnibus Thread
Well, at first I thought it was interesting that it was a woman. First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.
Re: Data Breach Omnibus Thread
You're saying Thompson is transgender, then. That would explain the confusion.
Re: Data Breach Omnibus Thread
jacksonM wrote: ↑Wed Jul 31, 2019 7:36 am
> According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.
> We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.

Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.
Re: Data Breach Omnibus Thread
ochotona wrote: ↑Wed Jul 31, 2019 10:14 am
> jacksonM wrote: ↑Wed Jul 31, 2019 7:36 am
> > According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.
> > We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
>
> Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.

Yes, that's a good point. There were several data breaches at the company I worked for and at least two of them were inside jobs. In one case a database administrator simply copied data to a thumb drive and carried it out of the building (that one made the headlines). I think he just got out of jail. In the other case, someone removed all limits on ATM withdrawals resulting in about $20-40 million in losses. Cost a friend of mine who was the CIO his job. Don't know if they ever caught the person responsible.
This was one of the reasons they were considering moving to the cloud - the other being cost of hardware and all the upgrades that would have to be made to tighten security.
I guess I'm just a control freak because if it was my decision I'd rather not turn things over to a company I have no control over.
I believe I read the government is going to use Amazon cloud storage (I think it was even the Pentagon). In that case, Amazon may very well do a better job of it.