This has been going around in the news around here for a few days, but based on other people I've talked to, it hasn't been super publicised elsewhere, and I figured you guys should know.

A massive amount of personal information (including social security numbers, addresses, etc.) was stolen from Capital One by a hacker lady here in Seattle.
This isn't a super great article, but it's the first one I saw.

My sister already had 600 dollars stolen, pulled out of a Seattle ATM (she lives in Utah).

If you have any Capital One credit cards, just be super vigilant and pay close attention to your credit score/report so you can catch stuff fast
Does this affect CapitalOne 360 accounts?
De2290 wrote:
Does this affect CapitalOne 360 accounts?


I'm not sure, but I would assume yes
Pieman7373 wrote:
De2290 wrote:
Does this affect CapitalOne 360 accounts?


I'm not sure, but I would assume yes


Well then, that's a problem. I have a lot of money in there that I was really hoping to invest...
Pieman7373 wrote:
Just be super vigilant and pay close attention to your credit score/report so you can catch stuff fast

Credit scores/reports are updated around once a month, if not longer.

You should be looking at recent credit card charges and verifying the amounts on receipts.

Spotted on Reddit.
The attacker exhibited amusingly poor opsec. Read the criminal complaint: https://www.lawfareblog.com/criminal-complaint-capital-one-hacking-case
She seems like kind of an idiot, haha.

Also, it is interesting to see how easy it is for people's online activities to be traced back to them, even with VPNs and stuff.
De2290 wrote:
Does this affect CapitalOne 360 accounts?

If you are not sure if the information has been stolen, assume it is. Change your passwords to those accounts. If you are using the same or similar passwords on other services, change those as well to unique passwords. Multi-Factor Authentication should be turned on as well on any sites that allow you to enable it. Make sure if you are using an Authenticator App on your phone that you have some type of security enabled on your device (even if it is just a 4 digit PIN and biometrics).

As for the other information that has been leaked, you will need to take prudent safety measures. If you are not planning on needing your credit to be checked for a while, consider placing a freeze on your credit reports with all three reporting agencies. Before you do that, do make sure you are signed up for some type of credit monitoring though as well (you have to unfreeze your credit to enroll in monitoring, but those that have an established history with you can still gather information from a frozen account).

In addition, keep an eye on credit card, debit card, and bank statements. In many cases a small charge will come in first, to see if it is noticed before the big one to take the money out. If you can turn on alerts for charges on your cards, turn them on. I receive alerts for any and all transactions that my card is not present for (e.g. online orders) or if any charge goes over a certain dollar amount. This will give you a quicker ability to deal with an issue rather than waiting for your statement.
MateoConLechuga wrote:
Pieman7373 wrote:
Just be super vigilant and pay close attention to your credit score/report so you can catch stuff fast

Credit scores/reports are updated around once a month, if not longer.

You should be looking at recent credit card charges and verifying the amounts on receipts.


That allows you to catch people using your card, but some of the leaked information would allow people to apply for credit cards and loans under your name.
Desjardins also suffered from a similar security breach (affecting 30% of the entire province's population), which made Quebec headlines just days before the CapitalOne leak.
You can get a free credit check from each of the three credit bureaus each year. I do one every 4 months so that I more or less stay on top of my credit.

https://www.ftc.gov/faq/consumer-protection/get-my-free-credit-report
Alex wrote:
You can get a free credit check from each of the three credit bureaus each year. I do one every 4 months so that I more or less stay on top of my credit.

https://www.ftc.gov/faq/consumer-protection/get-my-free-credit-report

This is another great option and should be exercised. Sites like Credit Karma are also good for monitoring your credit as well. Annual Credit Report does a full pull (but its pulls do not affect scores), where Credit Karma and similar organizations do soft pulls, which also do not affect scores.

Between Capital One and Equifax (probably more on the latter), we all need to be more vigilant about our credit and identities. The information they have leaked will not expire, nor is it revocable. If your password is sent out in plain text somewhere (which has also happened, Facebook at one time stored many users' passwords that way), a simple change and you are "safe" again. In this day and age, one can never be too vigilant about what can affect their lives.

Prudent levels of online safety are something we all need to take seriously. It is not just for the IT folks to worry about. There is a reason good companies do cybersecurity training and keep on it. I have heard reports that 1 in 3 employees will open a phishing email. I recall one bad email costing a small company over $20k in a single click. Realize that those numbers just keep going up and up. The best firewalls in the world can't do anything if someone brings a piece of software in via a USB stick.

If there is interest, I will be happy to spin off into a new topic where we can discuss cybersecurity topics as a whole, and what steps each person can take to protect themselves, their devices, and their home networks. Please let me know.
The fact that companies let this happen to them makes me angry.

I think companies that get hacked should face large fines for exposing private information and a lot of the information should not be collected in the first place.

Also people should make it clear to companies that get hacked that they will switch to their competitors so that way in the future companies will be aware of the negative financial impact that hacking would have on their company.
ProgrammerNerd wrote:
The fact that companies let this happen to them makes me angry.

I think companies that get hacked should face large fines for exposing private information and a lot of the information should not be collected in the first place.

Also people should make it clear to companies that get hacked that they will switch to their competitors so that way in the future companies will be aware of the negative financial impact that hacking would have on their company.


It would also be nice if the company themselves notified their customers of the data breach directly, like with a letter, even if it just says "hey, we got hacked, your information may have been stolen, you should probably take proper precautions"
Tari wrote:
The attacker exhibited amusingly poor opsec. Read the criminal complaint: https://www.lawfareblog.com/criminal-complaint-capital-one-hacking-case


"Moreover, PAIGE A. THOMPSON also has made statements on social media fora evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally." A+ criminality. On the other hand, the fact that Capital One failed to protect the machines that could access their S3 buckets isn't great.

While we're on the topic, make sure that if you're eligible, that you extract your pound of flesh from Equifax!
ProgrammerNerd wrote:
The fact that companies let this happen to them makes me angry.

I think companies that get hacked should face large fines for exposing private information and a lot of the information should not be collected in the first place.

Also people should make it clear to companies that get hacked that they will switch to their competitors so that way in the future companies will be aware of the negative financial impact that hacking would have on their company.

It is actually federal law now that if you collect Personally Identifiable Information in the United States and you fail to properly secure that data, you are actually guilty of a crime and subject to penalties and fines. In addition, companies do actually have to disclose data breaches when they discover them in a reasonable time frame, or there are additional penalties and fines that can be levied as well. The biggest issue is I do not believe that the requirements for notification of a breach do state how they must announce that such a data leak occurred.

We shall see what fines and penalties come about for Capital One. If it is like Equifax though, it might just be a drop in the bucket for them, and not amount to much for the consumers.

To piggyback off of what Kerm is going with, unless you can document actual costs to the Equifax data breach, you won't be able to recover. Those costs would be funds lost due to identity theft, cost of freezing credit prior to it being free, lawyer fees, and I think $20/hour for work. You must be able to prove all of this though, and the pool of money you can draw from is shrinking incredibly fast as well, given the scale of the data they lost.
  