Data Breach Omnibus Thread

[dualstow]

‘Cos every forum needs one.

We have four Capital One cards in our household, used daily.
Darn.

[Xan]

If it's any comfort, they caught the guy who did it.

[dualstow]

It’s a she, right? Paige Adele Thompson. (looks male, though)
Not much consolation if people apply for credit in my name, but yeah, I’m glad she’s been caught.

[Xan]

It’s a she, right?

Depends how you define "is". Or "she". One or the other.

[ochotona]

Just plain ugly

[sophie]

Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.

Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about.

I'm also fairly impressed with Capital One's handling of the situation. They put Equifax to shame.

[jacksonM]

According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.

[dualstow]

I love that the chair of Cap One is named Mr Fairbank. He was born for this.

[Xan]

Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.

Well, at first I thought it was interesting that it was a woman. First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.

[dualstow]

First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.

You're saying Thompson is transgender, then. That would explain the confusion.

[ochotona]

According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.

Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.

[jacksonM]

According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.

Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.

Yes, that's a good point. There were several data breaches at the company I worked for and at least two of them were inside jobs. In one case a database administrator simply copied data to a thumb drive and carried it out of the building (that one made the headlines). I think he just got out of jail. In the other case, someone removed all limits on ATM withdrawals resulting in about $20-40 million in losses. Cost a friend of mine who was the CIO his job. Don't know if they ever caught the person responsible.

This was one of the reasons they were considering moving to the cloud - the other being cost of hardware and all the upgrades that would have to be made to tighten security.

I guess I'm just a control freak because if it was my decision I'd rather not turn things over to a company I have no control over.

I believe I read the government is going to use Amazon cloud storage (I think it was even the Pentagon). In that case, Amazon may very well do a better job of it.