Capital One has just announced a breach of information impacting over 100 million people in the US and 6 million in Canada. The accused attacker, who has been arrested, allegedly exploited a misconfiguration in a web application firewall to access information stored in the cloud (the cloud provider is unnamed at this time). The information included customer data from credit applications, including account numbers and SSNs. Capital One has set aside $150 million to pay for anticipated costs associated with the breach, including legal costs and credit monitoring for those impacted.

Commentary: Another day, another massive breach of information. In this case, the attack highlights the value of red teaming and penetration testing. Even when you think you have a secure environment from a control perspective, all it takes is a diligent hacker to find the hole in your wall. Pay someone to find it before you have to pay much more to have an attacker point it out for you. This also shows that it does not take a nation-state or large criminal enterprise to breach the defenses of a large and well-funded company.

Likely Threat: Criminals
Likely Motive: Theft, Hacktivism?
Likely Means: 4.x Attack the Network, 6.x Exploit the Information
Opportunities: Secure Configurations, Threat Monitoring, Employee Vetting