If you haven’t been paying attention, here is a quick recap. Capital One Financial Corp suffered a security breach. In that breach, roughly 100 million customers had some, or all, of their personal details stolen. The details exposed included Social Security numbers, bank account numbers, email addresses, ZIP codes, credit scores and much more. To call it shocking is an understatement, and it should certainly raise some very serious questions. Probably the most prominent being: am I safe anywhere online? Can I access any digital venue, online casino or otherwise, and actually consider myself to be safe?
First, let’s get real about the data breach that occurred. Was it serious? Absolutely, 100%, yes it was serious. But how much harm can actually be done with the information that was stolen? The truth is that in such attacks the biggest treasure for hackers is email addresses. The Social Security numbers stolen were, in fact, tokenized, and not the actual numbers themselves. So very little can be done with them.
So, the two biggest problems are bank accounts being opened with stolen details, or loans being taken out with stolen details. Since Capital One is providing credit monitoring to those who were impacted, these issues should be mostly negated. Hence the biggest risk is users being targeted by phishing or otherwise dangerous emails. The point being: yes, the breach was serious, but don’t panic too much.
An Outrageous Problem
With that said, the fact that the attack was successful at all is outrageous on multiple levels. The hacker responsible was arrested. Paige Thompson, a former employee at Amazon Web, boasted about his success online, quickly getting him slapped in handcuffs.
But if one man can penetrate the defences of Capital One, just what exactly, for the love of all things logical, is going on here?
Before we go further, understand this very clearly. A breach refers to data that has been stolen due to negligence. It happens when information has been left unsecured, or a person has otherwise failed in their duties. A hack is when attackers specifically invade a server with the intention of stealing information. Hacks are extremely rare, and very difficult to pull off. They mostly only happen in movies. Breaches, on the other hand, are commonplace.
Let’s get real about something else. This latest incident is just the tip of the iceberg.
- Facebook has admitted to so many security breaches that the list is literally too long to include here. The most well known involved Cambridge Analytica, but to call that the only Facebook breach is the joke of the century.
- Equifax had a similar breach two years ago, with 147 million impacted.
- WhatsApp had a breach last May, with shocking reports that spyware was being installed via the app.
- Uber had a breach in October 2016, with 50 million users impacted.
The most shocking aspect of all these breaches is that, sorry to say, the problem was good old-fashioned human negligence. Actual security systems are, when used correctly, very close to being impenetrable. But add a human to the equation and cracks quickly begin to form.
In relation to the latest Capital One scandal, Attorney General Letitia James explained that safeguards were glaringly missing from the company’s security system, playing a big part in the breach. So, as always, we can thank the laziness or blatant incompetence of a human for the steadily escalating situation.
What Can You Do?
Sadly, it comes down to the average person to ensure his or her own safety. Major breaches are likely going to occur again, which is the sad reality. Major corporations that store the details of hundreds of millions of people are going to be targeted. Though, once again, keep in mind: the biggest treasure for hackers is still generally email addresses. Which isn’t to say more sinister things can’t be done with stolen data, but doing so would generally put a giant spotlight on the thief, probably resulting in them being nabbed faster than greased lightning.
The fact of the matter is that the individual is far more at risk of falling victim to serious fraud. So, how can you protect yourself, and avoid causing your own data breach (not hack)?
There are a few key rules to follow.
- Don’t be lazy. Keep separate passwords for your sensitive accounts and change them every few months.
- You can write these passwords down with pen and paper and keep them close at hand. Don’t keep them in a text document on the computer. The real risk is not from thieves stealing the piece of paper; it’s from intruders stealing the text document.
- But you can avoid all of the above by just being careful. If you avoid questionable online locations, your risks go down immensely.
- Don’t download content from questionable websites. Ever. That is where you get malware that will steal your information. Malware can’t install itself; you need to install it.
- Use virus protection and make sure it is up to date.
- Don’t open suspicious emails.