Capitol One Says Breach Hit 100 Million Individuals in U.S (Jul 29, 2019)
The Personally Identifiable Information (PII) of approximately 100 million people was breached according to Capital One Financial Corp. The information was stored in an Amazon S3 system, with the theft occurring between March 12 and July 17. Appearing in federal court on Monday, July 29, a former Amazon employee was accused of breaking into Capital One’s server and stealing data. The stolen information included credit scores, dates of birth, home addresses, names, phone numbers, transaction history along with 140,000 Social Security numbers, and 80,000 bank account numbers. The employee accused of accessing the data faces a federal charge of computer fraud, which includes a maximum sentence of five years with a $250,000 fine.
Recommendation: Leaks of this sort leads victims to be at risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Individuals who have accounts associated to this story should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.