How Government Can Learn from the Capital One Data Breach

Capital One has announced that about 140,000 Social Security numbers and 80,000 linked bank accounts were compromisedin one of the biggest-ever data breaches,” affecting some 100 million individuals in the U.S. and 6 million in Canada. The FBI has charged a person with computer fraud and abuse, reports The Washington Post, citing court records. The hack, which is believed to have occurred in March, is the latest data breach to hit a financial services company.

The compromised information was taken from “credit card applications submitted to the Virginia-based bank from 2005 to 2019. These included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.” (Forbes)

Data breaches and the loss of sensitive, personal information are becoming more and more frequent. News of the Capital One breach, one of the largest and most damaging ever in the finance sector, comes on the heels of the announcement that Equifax, one of the "big three" credit reporting agencies, has agreed  to pay $700 million to many of the 147 million users whose information was compromised in a 2017 breach.

Unfortunately, this breach wasn't discovered because of cybersecurity best practices or through effective monitoring of network activity. The only reason the attack was discovered is because the hacker bragged about it online.

What does this mean for public sector agencies, or for you as an individual? It’s time to take cybersecurity, and the protection of PII (Personally Identifiable Information) seriously. Once you provide your info to anyone – a bank, an employer, even an online shopping site – it’s out of your hands. From that point, you are only as secure as the information systems the organization uses. While banks and retailers continue to report record-breaking profits, we’re also seeing data breaches occur with more frequency and effectiveness. Government must begin to invest more of those profits into robust cybersecurity programs, technologies, and best practices.

*Article written by Asad Zaman, CEH & James Hofsiss, CISSP, DLT Solutions