What's In Your Wallet?

Hopefully, it's not a Capital One credit card.

Financial giant Capital One announced a large data breach Monday, with the company saying that one person accessed personal information on up to 100 million people in the United States and 6 million in Canada who had applied for or are currently considered users of the company’s credit cards.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice. A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

The criminal complaint against Thompson paints a picture of a less-than-careful suspect.

Thompson posted the information on GitHub, using her full first, middle and last name, the complaint says. She also boasted on social media that she had Capital One information.

 

In a channel on Slack, a chat service often used by businesses as well as other groups, Thompson explained the method she used to break into Capital One, the Justice Department alleges. She claimed to use a special command to extract files in a Capital One directory stored on Amazon's servers.

 

Your data are not safe anywhere other than on your own personal systems. In the case of banks, for example, information was much more secure when it was stored on local servers. The so-called "cloud" systems of vast server farms are considerably more susceptible to intrusion.

 

They're not "green" either - they eat tons of electricity (which is why there are so many server farms near The Dalles, Oregon. Close to the hydropower sources, electricity is relatively inexpensive for the companies that own the farms).