
In a cyberattack on the major US bank Capital One, sensitive data of more than 106 million customers was stolen. On Monday, the federal police agency FBI arrested the alleged hacker, a 33-year-old computer science engineer from Seattle. According to the FBI, she had boasted about the data theft on the Internet.
Among other things, the hacker retrieved names, mailing addresses, telephone numbers, e-mail addresses, dates of birth, and information about customers who were interested in credit card products or wanted a bank card from Capital One. According to the bank, however, credit card numbers and access data were not stolen.
In some cases, information about creditworthiness, the credit limits of the cards and transactions came into the hacker's possession, the bank said. According to recent findings, it is unlikely that the hacker has re-used the captured data or used it fraudulently, said Capital One.
Vulnerability in cloud
The hacker apparently used a vulnerability in a cloud service used by Capital One to access the data. The theft did not come to light until mid-July, when an Internet user saw a post on the GitHub website in which she bragged about the data theft and informed the major credit card bank. The bank's own research showed that it had been the target of a hacker attack since March, and it called in the FBI.
Capital One boss Richard Fairbank apologized to customers for the data theft. The bank is the fifth largest provider of credit cards in the US. If convicted, the arrested hacker faces five years' imprisonment and a fine of 250,000 dollars (224,000 euros).
Just two years ago, the US credit agency Equifax had made headlines with a major data theft scandal. Sensitive data such as social security and credit card numbers of around 147 million people had fallen into the wrong hands. However, unlike in the case of Capital One, the company was accused of gross negligence in security matters. A week ago, the company finally reached a settlement with the consumer protection agency FTC for a payment of around 700 million dollars (625 million euros).
German corporations spied on
Cyberattacks also hit the headlines in Europe recently. As German media revealed last week, several German corporations may have been spied on by hackers in the past. A dozen other companies were also targeted by criminals.
The companies spied on include Siemens, the agricultural chemicals group Bayer and the plastics manufacturer Covestro. Behind the attacks is a hacker group called Winnti. IT professionals and German security agencies suspect that the group originated in China. However, there is no reliable knowledge about who is behind it. The hacker group is also said to have been behind an attack on Thyssenkrupp in 2016.
Multimillion fine for British Airways
Meanwhile, the consequences of a cyberattack could prove expensive for the British airline British Airways. The British data protection authority ICO ordered the company to pay a penalty equivalent to 204 million euros. Last year, hackers had stolen the personal data and bank details of hundreds of thousands of customers.
If a company does not protect its customers' data from "loss, damage or theft, that's more than an inconvenience," said the Data Protection Officer Elizabeth Denham. The law is clear on this point: "If you are entrusted with personal data, you must be careful."
The British Airways parent company IAG is considering objecting to the penalty. After the incident, the airline had promised compensation to those affected and apologized for the data theft in full-page advertisements in British newspapers.
In autumn 2018, the social network Facebook was the target of a cyberattack. The group first spoke of 50 million affected users, but later revised that figure to 30 million.
For 14 million of those affected, hackers were also able to access personal information posted on Facebook, such as gender, relationship status, place of residence, date of birth, and recent locations.
For the rest, only technical data such as name and email address reached the hackers, the company said. According to the company, other services owned by Facebook were not affected – such as the communication services Messenger, WhatsApp and Instagram.