On July 19, 2019, Capital One announced that unauthorized access of its systems had exposed personal information about both account applicants and card holders. If your data was among the stolen files, it's not hard to imagine losing your trading business to identity theft.
Today we'll look at what we know about the hack: how it happened and what was stolen. Then we'll review how you can get prepared for the next time. (And there will be a next time.)
The Story Behind the Hack
The FBI arrested an ex-Amazon employee named Paige Thompson, charging her with theft of Capital One customer information from cloud servers that were rented on Amazon Web Services (AWS).
Even though the data was stolen from the cloud, Capital One said the "configuration vulnerability" she exploited was not unique to the cloud. The hacker used a sophisticated attack that could affect both cloud and on-premises servers.
The attack took place between March 22 and 23, 2019. An anonymous external security researcher informed Capital One about the breach on July 17, 2019.
Paige Thompson was arrested on July 29, 2019. She posted about her Capital One hacking exploits on Slack and Twitter using the online alias erratic. She also uploaded the information to GitHub, an online hub for code storage and sharing. These actions led to her arrest.
Capital One stated they had already fixed the vulnerability that enabled the data breach.
The Impact of the Hack
Capital One’s preliminary analysis suggested the hack might affect 100 million US residents and 6 million Canadians.
Here are some of their initial findings:
- The main data dump came from applicants or holders of Capital One credit cards between 2005 and 2019. The information included names, addresses, emails, phone numbers, dates of birth, and income information.
- Also, the data dump contained 140,000 Social Security numbers and 80,000 linked bank account numbers (for actual US card holders, not for applicants).
- No credit card numbers or log-in credentials were compromised.
Most businesses encrypt sensitive information of this type. That means even if hackers can download the files, they can’t see the actual data. However, in this case, the exploited vulnerability allowed the hacker to also decrypt the data.
Computer Security Practices Aren't Enough
Fending off cyber-attacks has become a routine part of operating a trading business. So what can you do to be prepared?
As a trader, you probably already know the basics when it comes to keeping your trading computer secure. You know about keeping hardware, operating systems, and trading software up-to-date. You understand the importance of secure passwords and monitoring online security.
However, your trading computer security practices can’t prevent a hack like this. These hacks happen on the server level. (Servers are powerful computers responsible for processing and storing online transactions and data.)
Protecting Yourself Against Hacks
In these cases, the best step you can take is to stay vigilant. According to Capital One, the hacked data was not used for fraudulent account creation. But anyone affected should still take steps to detect and prevent identity theft, including monitoring credit history to make sure nothing out-of-the-ordinary shows up.
Companies have learned to be proactive about informing those affected by breaches such as the one at Capital One. And in that case, it affected not only card holders, but individuals who merely applied for a credit card. So it's important to keep an eye out for emails and alerts indicating your information has been compromised.
In addition, Capital One and other corporate victims of data theft generally provide free credit monitoring tools to those affected. Be sure to take advantage of those offers.
If, after taking every possible precaution, you're still worried about cyber-attacks, you may want to consider cyber insurance. Like any insurance, you'll have to weigh the cost and benefits for yourself.
Final Thoughts
Today it’s not possible for traders to operate without online transactions. And cyber-attacks are here to stay. Being prepared to defend against these attacks is part of the day-to-day reality of trading.
Take proper precautions to keep your personal and business accounts safe. Make sure your trading computers are secure.
And today, while you're thinking about it, review the widely available recommendations for preventing identity theft.
No matter how little you do to get yourself prepared, doing something is better than sticking your head in the sand and pretending identity theft couldn't happen to you.
There are more trading computer tips like this in our buyer's guide. Check out our "How To Buy a Trading Computer" e-book. We hope today's Quick Tip helped you. If you found this helpful, you'll want to check out the other computer How-To's I've created on this page. You can always call us if you have questions: 800-387-5250.
Photo by Boris Bobrov on Unsplash.