Sergiu Gatlan reports:
US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019.
The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services (AWS) employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One’s AWS cloud servers.
Thompson allegedly stole over 100 million people’s personal information, including names, email addresses, dates of birth, transaction data, credit scores, payment history, balances, and for some, linked bank accounts and social security numbers.
Read more on BleepingComputer, who include a copy of the financial firm’s breach notification letter.
Earlier in the week, DataBreaches.net had found a notification to Maine that explained how the notification was an update after thousands more customers were found who also had their Social Security numbers involved. The notice was enough to make your head spin, but it shows how seriously notification and correctly identifying all those who need to be notified is taken. Should this all have been identified in 2019? That’s another question….