Capital One Data Breach

106.0M records exposed • March 2019

A former Amazon cloud employee found a misconfiguration in Capital One's cloud security and exploited it to steal data on 106 million people. She bragged about it on social media and got caught. The breach showed that moving to the cloud doesn't automatically make you secure—you still need to configure it properly.

What Happened

A former AWS employee exploited a misconfigured web application firewall to access Capital One's cloud infrastructure. The attacker used server-side request forgery (SSRF) to obtain credentials and exfiltrate data of over 100 million credit card applicants and customers. The breach highlighted cloud security risks and led to an $80 million fine.

Attack method: Misconfigured AWS WAF and SSRF vulnerability

What Data Was Exposed

  • Social Security numbers (140,000)
  • Bank account numbers (80,000)
  • Names and addresses
  • Credit scores
  • Credit limits
  • Balances and payment history
  • Contact information
  • Self-reported income

What to Do If You're Affected

  1. Check Capital One notification letters or call their hotline
  2. Freeze your credit if SSN was exposed
  3. Monitor bank and credit card statements closely
  4. Enroll in free credit monitoring offered by Capital One
  5. Watch for targeted phishing using your stolen data
  6. Consider changing bank account if numbers were exposed

Lessons for Businesses

  • Cloud misconfigurations are a leading cause of breaches
  • SSRF vulnerabilities can be devastating in cloud environments
  • Insider threats extend to cloud service provider employees
  • Metadata services need strong access controls
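
One way to act on the last lesson for AWS EC2, as an added example that is not from the original page, Capital One or AWS: it audits `describe-instances` output for instances whose metadata service does not require session tokens. The function name, severity labels and sample instances are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs, account ID and profile names are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
 {"InstanceId": "i-0aaa0000000000001",
  "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-waf"},
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
 {"InstanceId": "i-0bbb0000000000002",
  "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-app"},
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
 {"InstanceId": "i-0ccc0000000000003",
  "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
 {"InstanceId": "i-0ddd0000000000004",
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 3}}
]}]}
""")

def audit_metadata_options(describe_output):
    """Return one finding per instance whose metadata service is loosely configured."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue  # metadata service is off, nothing to reach
            issues = []
            # With tokens optional, a plain GET returns role credentials,
            # which is the kind of request an SSRF flaw can be made to send.
            tokens_optional = opts.get("HttpTokens", "optional") != "required"
            if tokens_optional:
                issues.append("session tokens not required (IMDSv1 allowed)")
            # Some container setups need a hop limit of 2, so this is a review item.
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append("PUT response hop limit above 1")
            if issues:
                has_role = "IamInstanceProfile" in inst
                severity = "high" if tokens_optional and has_role else "medium"
                findings.append({"instance": inst["InstanceId"],
                                 "severity": severity, "issues": issues})
    return findings

if __name__ == "__main__":
    for finding in audit_metadata_options(SAMPLE):
        print(finding)
```

To run it against a real account, pass in the parsed JSON from `aws ec2 describe-instances` in place of `SAMPLE`.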
