1. Capital One suffers mammoth data breach
Today’s big story concerns yet another disappointing and unsurprising online hack and I’m sorry to report it’s a gloomy one: it’s among the largest data breach incidents ever.
- Banking company Capital One has confirmed a recent hack which saw the data of 106 million people stolen.
- Capital One announced the breach in a press release yesterday, stating the person responsible had been arrested. The breach occurred July 19, 2019.
- The company said it believes the details of 100 million individuals in the United States and approximately 6 million in Canada were affected.
- The bulk of the information accessed is believed to have been gleaned from consumers and small businesses which applied for credit card products from 2005 to early 2019.
What’s been stolen?
- “Names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income,” said Capital One.
- (Again, that’s from potentially 100 million individuals.)
- The company said no bank account numbers were stolen, but “portions” of credit card data were. Things like: “Credit scores, credit limits, balances, payment history, contact information.”
- ~140,000 Social Security numbers from credit card customers were stolen.
- ~80,000 linked bank account numbers from secured credit card customers.
- And the Social Insurance Numbers of around a million Canadian customers.
Who is in custody?
- The FBI has arrested Seattle resident Paige Thompson (33) for the crime (USA Today).
- Thompson, a former Amazon cloud service employee (Bloomberg), stands accused of stealing data by breaching a web application firewall.
- Thompson may have tried to share the stolen information online (CNN), though Capital One said it was unlikely this was achieved. It is continuing to investigate the matter.
- Thompson also allegedly tweeted about the breach on Twitter under the username Erratic (Ars Technica).
- Thompson is said to have been charged with computer fraud and abuse, which carries a maximum sentence of five years in prison and a fine of up to $250,000 (BBC).
What’s the reaction?
- Capital One said it suspects the individual responsible was able to access the data through a configuration vulnerability in its online infrastructure.
- The company said, once discovered, the vulnerability was immediately addressed.
- Richard D. Fairbank, Capital One Chairman and CEO, said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened (…) I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
- Capital One said it would notify affected individuals and pledged to “make free credit monitoring and identity protection available to everyone affected.”
- If you have more questions or want to follow Capital One’s next move, you can visit the pages linked in the Capital One press statement.
There’s nothing pertinent I can add to this story, so I’ll just highlight this article from last Tuesday’s newsletter once again. It relates to another recent high-profile data breach.
2. The Google Pixel 4 is coming with a motion sensing radar (Google). Google continues a rare streak of smartphone teases ahead of the Pixel 4’s launch. The Verge rounds up what it means.
3. Flagship killers: the best high-end phones that won’t break the bank (Android Authority).
4. The Galaxy Note 10+ has been accidentally confirmed by Samsung (Phone Arena).
5. Man tries to take missile launcher on plane (BBC). It wasn’t live but, still — last time I went through airport security, I was shouted at just for not putting all my mini deodorants in the same plastic bag.
6. How Much is Your Face Worth? Google Says $5 (Gizmodo). Google has apparently been asking strangers for selfies to help train its facial recognition algorithms.
7. Microsoft acquires data privacy and governance service BlueTalon (TechCrunch). BlueTalon helps businesses create policies for how their employees can access their data. “The service then enforces those policies across most popular data environments and provides tools for auditing policies and access, too.” It sounds like it could be a worthwhile service in this day and age!
9. EU’s top court rules that sites with embedded Facebook Like buttons must obtain user consent before data is sent to Facebook (TechCrunch).
10. Soon you’ll be able to watch PBS on YouTube (Ars Technica).
11. This black and white photograph tricks you into seeing color (Twitter). It’s not quite blue dress/white dress levels of absurdity (National Geographic), but it’s another neat optical illusion with some interesting science behind it.
12. Huawei and Google were working on a new smart speaker before Trump’s ban (The Register, sign-in required).
DGiT Daily: Your Tech Resource
In case you don’t know, the DGiT Daily is a daily email that keeps you ahead of the curve with tech news, opinions, and links to what’s going down in the planet’s most important field. You get all the context and insight you need, all with a touch of fun that you would otherwise miss.