July 31, 2019
100 Million People Exposed in Capital One Breach
A hacker gained access to over 100 million credit card applications from Capital One. The hacker in custody is accused of stealing 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and countless other pieces of personal information.
According to reports, the hacker exploited a misconfigured application firewall in March 2019. Capital One has said they have fixed the vulnerability and it is unlikely any information was used for fraud or other nefarious purposes. Capital One will notify customers affected and will offer free credit monitoring.
Recently, Equifax was fined up to $700 million in relation to a 2017 data breach that impacted hundreds of millions of Americans.
Penalties for breaches like this have only increased under the General Data Protection Regulation. GDPR was enacted to give consumers more control and insight into their personal data and will require companies to ensure they are following safety procedures to collect, process, and store data.
Similarly, some states and countries are passing data privacy laws and regulations to protect personal data and hold companies accountable. Recently, California passed the California Data Protection Regulation Law which regulates how companies store data and will require them to disclose the types of data stored.