One person was all it took to breach one of the largest banks in the United States and leave more than 100 million customer records vulnerable.
According to court filings, Capital One suffered a data breach of unique and epic proportions in that it only took one person to commit the act.
That one person, Paige Thompson, was an engineer with Amazon Web Services until 2016. She was able to utilize her abilities — and a backdoor flaw in a firewall — to exploit Capital One.
And this latest infringement on personal data should have you frightened.
If for no other reason than, unlike other large data breaches reported by Equifax and other companies, one person pulled it off.
These latest rounds of data breaches have shone a spotlight on cybersecurity, especially in the financial world.
A recent report from CNBC found JPMorgan Chase spends nearly $600 million a year to battle potential cybersecurity threats. Bank of America drops another $800 million.
In fact, counter to the cost-cutting mode banks have been in since the financial crisis in the early 2000s, Bank of America CEO Brian Moynihan said cybersecurity was “the only place in the company that doesn’t have a budget constraint,” according to a Bloomberg report.
There was a quote from a movie (“The Sum of All Fears, I believe) that speaks to this. It suggests worrying about a nation with thousands of nuclear weapons is less of a worry than an individual with one.
What that means is the motives and actions of a larger group are much easier to detect than those of an individual intent on doing harm.
Kind of like the design of the Death Star in Star Wars.
Its defenses were designed to combat large forces, not a single small entity. Look what happened, however. Both times the battle station was destroyed, it was by small entities, not large fleets.
I know that is a bit of a stretch, but it does illustrate the point that this latest breach of Capital One should put fear in all of us because it means large groups aren’t the only ones capable of pulling off these mega-breaches.
It opens the door to any and all possibilities. And, it’s clear banks had not thought of this possibility. Otherwise the millions spent on cybersecurity would have accounted for this scenario.
The takeaway here is keep a sharp eye on your data, because there are threats coming from every direction.