Communications of the ACM

Home/News/Capital One Data Breach Tied to Cloud Computing Vulnerability/Full Text

ACM TechNews

Capital One Data Breach Tied to Cloud Computing Vulnerability

By The Washington Times
July 31, 2019
Comments

View as: Print Mobile App Share:

A Capital One branch. — Experts say the Capital One data breach was the result of a vulnerability in the firewall of Amazon Web Services, where the bank stored its data.

Credit: Shutterstock

Experts attribute the Capital One data breach to exploitation of a vulnerability in the firewall of Amazon Web Services (AWS), which the bank used to store its data trove.

The breach compromised the personal information of about 106 million customers in the U.S. and Canada, including 140,000 Social Security numbers, and 80,000 bank account details from Capital One applicants.

Capital One acknowledged the attacker, who previously worked for AWS, exploited "a misconfigured security firewall."

Privacy experts warned the incident highlights cloud computing platforms' tenuous balance between security and efficiency.

Cloud services provider Atlantic.net CEO Marty Puranik said financial institutions must consider inside information a security threat, because exploiters "know the intricate details of the architecture and how to exploit the small nooks and crannies for any weaknesses."

From The Washington Times
View Full Article

No entries found

Capital One Data Breach Tied to Cloud Computing Vulnerability

Eye-Tracking Window Tech Tells Sightseers What They're Seeing

Rebuttal How-To: Strategies, Tactics, and the Big Picture in Research

Digitization Puts Many at a Disadvantage