- The bank didn't know about the hack until a member of the public emailed it to say they found the data dumped on GitHub, a popular site among web developers, the Department of Justice (DOJ) said.
- It then took a further two days for the company to report the breach to the FBI.
- Tip-offs like this are a common way for companies to find out about security breaches.
- The DOJ has charged a former software engineer of hacking Capital One's security systems, accusing her of taking the data then posting it online.
- Visit Business Insider's homepage for more stories.
ADVERTISEMENT
Capital One only found out about its 106 million-customer data breach because a member of the public emailed it a tip-off
Capital One's data was breached some time between March and July. 106 million people had some combination of their IDs, social security, and bank account information compromised.
capital one email tipoff
ADVERTISEMENT
Recommended articles
Capital One was only made aware of its enormous data breach because a member of the public emailed the company after seeing the information freely available online.
The American bank announced Monday that it had been breached, affecting some 106 million people in the US and Canada . Many of those people had their personal information, social security details, and linked bank accounts compromised.
Read more: Capital One says it was hit with data breach, affecting tens of millions of credit card applications
ADVERTISEMENT
The Department of Justice (DOJ) has accused Paige A. Thompson, a former software engineer, and charged her with a single count of computer fraud and abuse.
The DOJ said that the breach took place some time between March and July of 2019.
According to a criminal complaint, she stole data from Capital One's cloud provider and posted details of it on GitHub, a project-managing site popular among developers.
Capital One
Roman Tiraspolsky/Shutterstock
Also contained in the complaint is the detail that Capital One didn't realize it had been hacked until someone tipped it off.
ADVERTISEMENT
According to the DOJ, an unidentified person emailed the bank on July 17, 2019, saying: "There appears to be some leaked s3 data of yours in someone's github/gist."
"S3" refers to Amazon Web Services' cloud storage product for developers, which Capital One used to store the data that Thompson breached.
According to the complaint, Capital One contacted the DOJ two days later, on July 19, to report the breach.
The GitHub file in question, which contained Capital One's data, was timestamped April 21, 2019, and was linked to Thompson's name.
ADVERTISEMENT
You can see a screenshot of the email above. The person's name and other identifying information came redacted in the DOJ's complaint, published Monday.
capital one
Reuters/Brendan McDermid
It is common for companies to find out about data breaches in this manner.
Capital One has an email address through which people can flag actual or potential vulnerabilities in their systems. Many other banks have channels like this.
Some of the people who email the hotline are "white hat" or "ethical" hackers, computer security specialists who report security vulnerabilities to their owners, rather than try to exploit them.
ADVERTISEMENT
It's not clear if the person who emailed Capital One was a "white hat" hacker or somebody who chanced upon Thompson's GitHub file.
Thompson is due to appear in court on Thursday. If convicted, she faces up to five years in prison and a $250,000 fine.
See Also:
- The ex-Amazon employee who allegedly hacked into the 5th largest credit card company in the US posted about it online, the FBI says.
- Capital One says it was hit with data breach, affecting tens of millions of credit card applications
- A Tesla driver parked his Model 3 on a stranger's lawn in Florida and left the car plugged in at the house for 12 hours
FOLLOW BUSINESS INSIDER AFRICA
ADVERTISEMENT
Recommended articles
Africa's gaming gold rush: Unveiling the surge in online gambling
Seven African countries added to Meta's AI service coverage
10 African countries with the lowest inflation rates in 2024
Davido launches his label Nine+ in partnership with UnitedMasters
Nigeria's economic ranking drops to fourth in Africa
Moscow inaugurates its House of Africa
The CBN justifies $2b billion loss in forex, dispelling Naira defense claims
10 best airports in Africa in 2024
