The Capital One incident, which has resulted in about 106 million people in the U.S. and Canada waking up to the realization that their personal details have been hijacked, brings these questions to the forefront of the conversation.
The Suspect
Paige Thompson is accused of breaking into a Capital One server and gaining access to140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.
A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.
Thompson was arrested Monday in connection with the breach, the Justice Department said. Thompson's attorney could not be immediately reached for comment.
How the Crime was Committed
The criminal complaint against Thompson paints a picture of a less-than-careful suspect.
Thompson posted the information on GitHub, using her full first, middle and last name, the complaint says. She also boasted on social media that she had Capital One information.
In a channel on Slack, a chat service often used by businesses as well as other groups, Thompson explained the method she used to break into Capital One, the Justice Department alleges. She claimed to use a special command to extract files in a Capital One directory stored on Amazon's servers.
The FBI special agent who investigated Thompson believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.
One person who saw the information on GitHub notified Capital One of the "leaked data" belonging to the company. Capital One notified the FBI, and an agent searched Thompson's residence on Monday. They found devices in her possession that reference Capital One and Amazon as well as other entities that may have been targets of attempted — or actual –– breaches.
What Should You Do In Response?
Check your accounts now. Look over your credit card and banking statements, and report any suspicious activity to the bank as soon as possible.
Freeze your credit. Taking this step means that no one will be able to access your credit reports without your permission.
Stay vigilant; watch out for scams. Cybersecurity attacks happen all the time, but there are some best practices that could help protect your information in the future.
Here are some extra steps that you could take to combat this situation:
Just a couple weeks ago, NASA was also hacked by a $25 computer. Learn more about how large-scale companies have dealt with situations like these.
You should consider encrypting your data, which we have written up a blog to help you with.
Get a VPN and secure all of your transactions. If you're already using one, you can check if your VPN is still working.
Interested in improving your online security even further? Consider getting a VPN! Subscribe and download Hotspot VPN today at low costs for unlimited browsing and ultra-fast streaming.