Sign In

Communications of the ACM

ACM TechNews

Capital One Data Breach Tied to Cloud Computing Vulnerability

View as: Print Mobile App Share:
A Capital One branch.

Experts say the Capital One data breach was the result of a vulnerability in the firewall of Amazon Web Services, where the bank stored its data.

Credit: Shutterstock

Experts attribute the Capital One data breach to exploitation of a vulnerability in the firewall of Amazon Web Services (AWS), which the bank used to store its data trove.

The breach compromised the personal information of about 106 million customers in the U.S. and Canada, including 140,000 Social Security numbers, and 80,000 bank account details from Capital One applicants.

Capital One acknowledged the attacker, who previously worked for AWS, exploited "a misconfigured security firewall."

Privacy experts warned the incident highlights cloud computing platforms' tenuous balance between security and efficiency.

Cloud services provider CEO Marty Puranik said financial institutions must consider inside information a security threat, because exploiters "know the intricate details of the architecture and how to exploit the small nooks and crannies for any weaknesses."

From The Washington Times
View Full Article


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


No entries found