The target: Capital One Bank
The take: Highly sensitive information of 106 million customers including: 140,000 Social Security numbers, 1 million Social Insurance Numbers for Canadian credit card customers, bank account numbers, credit card application data including scores, balances, limits and payment history, and some of transaction data.
The attack vector: A misconfigured firewall in Capital One’s AWS infrastructure allowed the attacker to clone data housed in cloud storage instances. The attacker employed VPN and anonymized browsing to execute the attack surreptitiously – but was ultimately found out when they bragged about the heist in public Slack channels. Capital One was notified of the breach via an e-mail tip with directions to a public Github repository where the attacker had archived some of the exfiltrated data.