In March, Capital One’s servers were hacked, exposing the personal information of 106 million customers and applicants in the United States and Canada. Hackers accessed credit card applications from 2005 to 2019 in between March 22 and 23 of this year, while the breach wasn’t detected until July. The personal data that was exposed included:
- Linked bank account numbers
- Credit scores
- Transaction data
- Social security numbers.
Related: 2019’s Top Password Managers
Was Capital One’s Security Breach Preventable?
Jeff Wilbur, Director of the Online Trust Alliance Initiative of the Internet Society, says that this breach was preventable. Referring to the data found in the Internet Society’s Cyber Incident & Breach Report, Wilbur told Security Baron an interview,
“More than 90% of breaches are preventable…It’s important to realize that while larger companies have more resources for security, they also have more complex systems, but that just means they need to be more diligent about data security…Even for companies that have significant resources and set cybersecurity as a high priority this can be a challenge.”
How Capital One Has Responded To Security Breach
In response to the security breach, Capital One has taken a few steps to gain back their customers’ trust, Wilbur said in an interview with Security Baron. To correct the cause of the breach, the bank has informed impacted people, offered credit monitoring and identity protection, and has worked with law enforcement to understand the causes of the situation. Despite security breaches from many financial companies, Americans still trust banks the most with their data, according to a study from nCipher Security.
Related: The Best VPNs of 2019
How Can Smaller Businesses Prevent Security Breaches?
In order to protect against future breaches, Capital One should use encrypted cloud software, password managers, phishing tools, credit monitoring, and more, Wilbur told Security Baron. He added, “For smaller organizations with lean budgets, the lack of resources and expertise makes it even more challenging. Organizations need to learn lessons from the rash of recent breaches and implement the basics first.”