Capital One Financial pointed out that a data belonging to over 100 million in US has been illegally accessed due to a vulnerability in Capital One’s firewall. prosecutors accused a Seattle woman recognized by Amazon.com Inc as one of its former cloud service employees.
Amazon Web Services spokesman said that Capital One stolen data is likely to be stored in AWS system, and was accessed via poorly configured firewall responsible to protect one of its application, not through AWS vulnerability.
The Employee ( Paige A. Thompson) was arrested Monday and appeared in federal court in Seattle. U.S. prosecutors in Seattle said that the data theft occurred some time between March 12 and July 17 .
Thompson last worked at Amazon in 2016, spokesman Grant Milne said. The breach described by Capital One didn’t require insider knowledge, he said.
“I am deeply sorry for what has happened,” Richard D. Fairbank, Capital One’s chief executive officer, said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected.”
Capital One also pointed out that a data of over 6 million people in Canada have been affected by this particular breach
The hack collected over 140,000 social security numbers
COF bank said that a large portion of the stolen data was provided by small businesses and consumers when they applied for credit cards between 2005 through early 2019. The bank said. It included a wide array of personal data, such as names, addresses, phone numbers, dates of birth, self-reported income, credit scores and fragments of transaction history. COF also claimed that about 80,000 account numbers of credit consumers have been hacked as well.
In court on Monday, Thompson broke down and laid her head down on the defense table during the hearing. She is charged with a single count of computer fraud and faces a maximum penalty of five years in prison and a $250,000 fine. Her lawyer declined to comment.
U.S. Magistrate Judge Mary Alice Theiler ordered Thompson to be held. A bail hearing is set for Aug 1. Capital One shares fell about 6.5% Tuesday morning, their biggest decline in six months.
Capital One, which is based in McLean, Virginia, has been one of the most vocal advocates for using cloud services among banks. The lender has said it is migrating an increasing percentage of its applications and data to the cloud and plans to completely exit its data centers by the end of 2020 — a move the company says will help lower costs.