https://www.wsj.com/articles/capital-one-breach-casts-shadow-over-cloud-security-11564516541
By Robert McMillan
The Wall Street Journal
July 30, 2019
One of the highest-profile hacks of consumer-banking data has sent financial
institutions scrambling to figure out how millions of records at one of the
biggest proponents of cloud-computing were exposed.
Capital One Financial Corp., the fifth-largest U.S. credit-card issuer, said
Monday that information of roughly 106 million card customers and applicants
was exposed in one of the largest data breaches of a big bank.
The data was stored on Amazon.com Inc.’s cloud, according to a federal criminal
complaint and people familiar with the matter. The avenue of entry, the
companies and investigators said, was a poorly configured firewall -- a
mechanism designed to wall off privately operated digital systems -- that a
hacker breached.
Both companies say controls around the data, rather than use of the cloud, were
the problem. Still, the data was stored in the cloud, raising questions about
whether Capital One put insufficient safeguards in place to lock down customer
records when it adopted cloud technology. And the accused hacker’s tenure as a
former employee of Amazon’s cloud business highlights the risk -- previously
little appreciated -- of an insider threat.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
