Capital One – One More Credit Giant Succumbs to Data Breach


The dust has hardly settled over the Equifax data breach fiasco, and we’re confronted with yet another massive breach that’s sending shock waves around the world and raising some serious questions about how organizations handle their clients’ data. Capital One, ranked 10th on the list of the United States’ largest banks by assets, fell prey to an attack on its network that resulted in data from 106 million citizens in the United States and Canada being stolen. According to CNET, the data stolen includes approximately 140,000 US Social Security numbers, 80,000 bank account numbers, and 1 million Canadian social insurance numbers.

The victims are those who applied to Capital One for credit between 2005 and 2019.

The hacker is purported to have exploited a vulnerability caused by a misconfigured web application firewall. The company uses AWS cloud servers for data storage. The vulnerability permitted the hacker to access around 700 buckets of data from a server by executing commands through the firewall. Amazon has distanced itself from the attack, saying that the vulnerability was in the application layer and not in the underlying cloud infrastructure. It also stressed that its clients had full ownership over how they configured applications and protected sensitive information, and that it was beyond the scope of AWS to ensure data security in the application layer.

The hacker supposedly had access to the encryption keys as well, as she was able to decrypt the hacked data. The data hacked includes personal details such as the victims’ names, addresses, email addresses, zip codes, and dates of birth. The victims are also said to be exposed to future phishing attacks, as it’s likely that these details have reached the Dark Web.

Capital One estimates the breach will cost it between $100 million and $150 million this year.

Coming close on the heels of the Equifax breach, Capital One’s data breach is a testimony to just how frequent and deadly network security failures are. It is also widely acknowledged that in both these cases, undetected vulnerabilities in the network led to the breaches. In Equifax’s case, it was an expired certificate, while with Capital One, it is a misconfigured firewall and poor key management.

What’s interesting here is that both these incidents could have been prevented if the companies had proper network security management and endpoint protection systems in place. When using multiple third-party services to set up a cloud infrastructure, it’s easy to lose sight of the details in favor of the bigger picture. However, manually keeping tabs on all that’s happening in your network at all times is next to impossible, and although it is necessary, it cannot realistically be done as a manual job. This is where having a dedicated solution that takes care of your network security for you helps. This way, companies don’t have to live in constant fear of a certificate expiring on them or their keys being stolen.

AppViewX CERT+ protects your network endpoints, with all their keys and certificates, by automating PKI management. CERT+ gives you complete visibility into your encryption key infrastructure, enabling you to predict and prevent breaches before they occur. It tracks certificates in real time, provides a unified view of their statuses, endpoint locations, and respective CAs, and sends periodic alerts when a certificate nears its expiry. You can request, provision, inventory, renew, and revoke certificates, all from a single platform.

Try AppViewX CERT+ now, or schedule a demo with us.
