Sign In

Communications of the ACM

ACM TechNews

Capital One Data Breach Tied to Cloud Computing Vulnerability


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A Capital One branch.

Experts say the Capital One data breach was the result of a vulnerability in the firewall of Amazon Web Services, where the bank stored its data.

Credit: Shutterstock

Experts attribute the Capital One data breach to exploitation of a vulnerability in the firewall of Amazon Web Services (AWS), which the bank used to store its data trove.

The breach compromised the personal information of about 106 million customers in the U.S. and Canada, including 140,000 Social Security numbers, and 80,000 bank account details from Capital One applicants.

Capital One acknowledged the attacker, who previously worked for AWS, exploited "a misconfigured security firewall."

Privacy experts warned the incident highlights cloud computing platforms' tenuous balance between security and efficiency.

Cloud services provider Atlantic.net CEO Marty Puranik said financial institutions must consider inside information a security threat, because exploiters "know the intricate details of the architecture and how to exploit the small nooks and crannies for any weaknesses."

From The Washington Times
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account