Yesterday, the financial services company confirmed the breach impacted roughly 100 million individuals in the U.S. and approximately six million people in Canada. Data stolen included 140,000 Social Security numbers of credit card customers and 80,000 bank account numbers.
According to Capital One, the details were stolen in March via a misconfigured firewall. The personal data was related to people who had applied for the company’s credit card products.
Leaky AWS buckets have been responsible for a stunning number of unwanted data disclosures in recent years. In July, cybersecurity company UpGuard revealed that an IT contractor called Attunity had a misconfigured server that exposed customer data from a number of other firms, including Netflix and Ford. In 2017, files were leaked from an unsecured database that exposed data of nearly 200 million U.S. voters.
Indeed, in many cases AWS data exposures are not the result of technical hacking tricks. In the Attunity case, for example, the files were public and visible in plain text, Bloomberg noted. In the 2017 election leak, cyber researchers said the files were not protected by a password.
The FBI has arrested a 33-year-old suspect, Paige A. Thompson, in relation to the Capital One incident, noting she used the name “erratic” online.
Thompson has been charged with one count of computer fraud and abuse. According to the Department of Justice (DoJ), the fraud is punishable by up to five years in prison and a $250,000 fine. Thompson’s hearing will take place August 1.
Officials said leaked Capital One data was initially uploaded to a code repository website known as GitHub, prompting an individual to bring it to administrators’ attention on July 17.
Federal agents searched the suspect’s Seattle home yesterday and claimed to have seized digital storage devices, including one that contained a copy of the exfiltrated bank data. The complaint said Thompson “recognizes that she has acted illegally.”
Richard Fairbank, CEO of Capital One, said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”