Capital One Data Breach Affects 100 Million Americans

bit_user

Polypheme
Ambassador
Most of the compromised information came from consumers and small businesses that applied for a credit card between 2005 and 2019.
These guys should have to answer for why they need to keep information from 14-year-old credit card applications! Especially if you didn't even get the loan or credit card, why on earth do they still need that information? There's no good reason - they're just data hoarders.

This wouldn't happen if the US had GDPR.
 

USAFRet

Titan
Moderator
This wouldn't happen if the US had GDPR.
About that...

Spain, 2018:
https://www.theinquirer.net/inquire...xposes-personal-data-of-millions-of-customers

Germany, 2019:
https://www.theguardian.com/world/2019/jan/08/germany-data-breach-man-held-in-suspected-hacking-case

France, 2017:


EU wide:
"Over 59,000 personal data breaches reported across Europe since introduction of GDPR, according to DLA Piper survey"
 

bit_user

Polypheme
Ambassador
EU wide:
"Over 59,000 personal data breaches reported across Europe since introduction of GDPR, according to DLA Piper survey"
Sorry, I didn't actually mean that data breach wouldn't have happened, just that the impact would've been far smaller if they didn't hold onto that data for so long, with no apparent purpose or business necessity.

Apologies for my sloppy wording, but thanks for your contributions, nonetheless.
 

USAFRet

Titan
Moderator
Sorry, I didn't actually mean that data breach wouldn't have happened, just that the impact would've been far smaller if they didn't hold onto that data for so long, with no apparent purpose or business necessity.

Apologies for my sloppy wording, but thanks for your contributions, nonetheless.
I have had people attribute magical powers to the GDPR, and the earlier UK Data Protection Act.

Just last week, the instructor of a class I was in (Cybersecurity):
"A European website can't collect any data on you. No personal info at all."

I countered with:
"Yes they can, if they have a need and they inform you of it."

Him:
"NO! They can't, at all."

"So if I buy something from a German website, how do they know where to ship it to, and how do they get my money?"

He then just quickly moved on to the next topic.


And here, there IS a requirement to retain records like that for X years.
In the aftermath of the Enron scandal, financial companies are required, by law, to retain records like that for some number of years.
 

TJ Hooker

Titan
Ambassador
And here, there IS a requirement to retain records like that for X years.
In the aftermath of the Enron scandal, financial companies are required, by law, to retain records like that for some number of years.
Why on earth would they be required to keep personal information of their customers for extended periods of time? I assume you're referring to the Sarbanes–Oxley Act, which applies to financial records, not customer info...
 

USAFRet

Titan
Moderator
Why on earth would they be required to keep personal information of their customers for extended periods of time? I assume you're referring to the Sarbanes–Oxley Act, which applies to financial records, not customer info...
Why would customer financial records not be "financial records"?

In any case, it happened here, it happens in Europe, it happens everywhere.
There is no law or regulation that can prevent malice...only punish after the fact.
 

bit_user

Polypheme
Ambassador
I have had people attribute magical powers to the GDPR, and the earlier UK Data Protection Act.
Okay, but just so we're clear, that wasn't my intent. I was just referring to the data-retention aspect.

Why would customer financial records not be "financial records"?
sigh

SarbOx is about keeping financial records of the company, so that auditors can find evidence of fraud or embezzlement. They don't just blindly keep all data that is at all financial in nature. There's no way the company's auditors need to see millions of 15-year-old credit card & loan applications. Not even recent ones, because those are financial records about the customers - not the company.

Seriously, now you're starting to sound like that dude you were mocking.

There is no law or regulation that can prevent malice...only punish after the fact.
But you can mitigate the impact of such hacks.

And if there's less data to steal, it also makes theft less tempting, so fewer are likely to bother. I agree there's no magic bullet that can stop all hacks, but there are many small steps that can be taken to manage the problem.
 

USAFRet

Titan
Moderator
Yes.
Reduce the amount of data, and you reduce the temptation.
Sadly, unless forced to, companies don't willingly destroy data like that.

And even weirder, this particular breach was seemingly not done for financial gain, but for the perp to get notoriety. "See what I did? That proves I'm a leet hacker, now gimme a job."
That worked out well for her.
 

bit_user

Polypheme
Ambassador
And even weirder, this particular breach was seemingly not done for financial gain, but for the perp to get notoriety. "See what I did? That proves I'm a leet hacker, now gimme a job."
As far as we know. If she really just wanted to know if she could pull it off, then I don't see why she went to the trouble of transferring all of the data.

Maybe she did sell it, but wasn't caught in the act. I don't expect her to volunteer that information, if she did.

But I get your point - that she only got caught because she couldn't resist telling somebody, and probably didn't know anyone 1337 enough. I think it's basic human nature to want to brag about your accomplishments, and I've heard, in the news, of several other perpetrators of big hacks who've been caught in this same way, over the years.