After a misconfigured firewall allowed access to AWS storage services, the US bank Capital One announced that it had been the victim of a massive theft of its customers' banking data. More than 100 million of them have seen their information published on GitHub.
From March 12 to July 17, data from more than 100 million customers of the American bank Capital One was stolen by a single person, identified as Paige A. Thompson. From Seattle, she posted the stolen information on GitHub under her own name and has since been arrested by the FBI.
Paige Thompson took advantage of a misconfigured firewall connected to an AWS S3 storage service to get in and steal credit card numbers from 100 million US customers and 6 million Canadian affiliates of Capital One. Addresses, zip codes, phone numbers, email addresses, birth dates and tax returns were also leaked. Banking information, such as payment history and balances, was also accessible. And that’s not all: 140,000 social security numbers and 80,000 linked bank account numbers were part of the information available on GitHub.
Paige Thompson charged with “unauthorized voluntary access”
The bank was completely unaware of the leak until July 17, when it received an anonymous message informing it of the breach. But because this incident was made possible by the inattention of the bank, which failed to properly secure its servers, Paige Thompson has not been accused of hacking but of voluntarily accessing a computer without authorization. In a statement, Capital One says it will contact everyone affected. “We will make available to all concerned a follow-up of their accounts for free and a protection of their identity.” The bank expects this incident to cost it another $100 to $150 million in 2019.