Presentation

profileravitej01
CapitaloneChallenges.docx

Running Head: CAPITAL ONE 1

CAPITAL ONE 2

Security incident

Introduction

Data privacy is the best thing that organizations should ensure to protect their clients and their operational data for effective operations. The progress in technology has led to problems in information security in cloud computing and there have been rampant issues of security breaches. Most institutions and organizations have experienced massive data breaches as a result of hackers accessing their data in the cloud. Capital One Company has lost its data due to an outside attack that led to data breach.

The breach occurred when a scammer had gained access to more than hundreds of millions of customer's accounts and applications (Atreya et al., 2019). The hacker had access to social security numbers of potential customers that most of them had linked their bank account numbers to their credit cards. Names of customers' addresses, identity, the score of their credit, and limits, as well as balances, were exposed in this breach. The scammer gained authorization through the exploitation of a misconfigured web application firewall.

This breach affected most people in Canada and the United States, even though no credit card account numbers or social security numbers were compromised. The company faced financial strain since they incur costs approximate to millions of dollars due to the hack. Capital One had to notify the people affected and made free credit monitoring as well as identification of protection available (Novaes Neto et al., 2020). The expenses they needed to carter for included customer notifications, credit monitoring, and legal support. They also incurred costs in upgrading their technology to fix their vulnerabilities.

The company did not practice security hygiene. The company failed to update all their applications that made them susceptible to attacks. It did not equip its system with modern tools that could handle suspicious requests. They lacked tools to prevent requests from reaching the servers and block any access that could maintain the integrity of information.

References

Atreya, S., Koduri, N., Yim, W. T., & Daryoush, E. (2019). U.S. Patent Application No. 15/879,588. Retrieved fromhttps://patents.google.com/patent/US20190228186A1/en

Novaes Neto, N., Madnick, S., de Paula, M. G., & Malara Borges, N. (2020). A Case Study of the Capital One Data Breach. Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Capital One Data Breach (January 1, 2020). Retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3542567