Bitglass Security Spotlight: Capital One Suffers Data Breach Affecting 100 Million Customers

Here are the top cybersecurity stories of recent weeks:  

  • Capital One data breach compromises 100 million accounts
  • Dark web trades over 23 million stolen credit cards
  • Facebook to pay $5 billion fine for Cambridge data security lapse
  • Thousands of US students affected by Pearson data leak
  • Sephora encounters exposure of international customer data

Capital One Data Breach Compromises 100 Million Accounts

Capital One recently announced a data breach that exposed the personal information of 100 million customers. A former software engineer from Seattle is accused of stealing credit card applications, which contained 140,000 Social Security numbers and 80,000 bank account numbers. The bank reported that the largest category of information taken was the personally identifiable information (PII) of those who applied between 2005 and 2019. The PII includes names, addresses, phone numbers, dates of birth, and email addresses.

Dark Web Trades over 23 Million Stolen Credit Cards

A report from cybersecurity firm Sixgill highlights the trends and trades taking place on the dark web involving stolen payment card industry (PCI) data. According to the financial fraud report, over 23 million stolen credit and debit cards were being offered on the dark web. The research shows that a majority of the PCI data came from the United States, which accounted for 65% of the stolen information. Additionally, the breakdown of major card types affected is 57% Visa, 29% Mastercard, and 12% American Express.

Facebook to Pay $5 Billion Fine for Cambridge Data Security Lapse

The Federal Trade Commission (FTC) announced that Facebook will pay a $5 billion fine for its responsibility in the Cambridge Analytica data breach. The fine is being imposed because Facebook violated an FTC order concerning the privacy of user data. The U.S. Securities and Exchange Commission (SEC) has also hit Facebook with a financial penalty of $100 million for misleading investors. Additionally, Facebook must report privacy breaches to authorities within 30 days if the personal information of at least 500 users is jeopardized.

Thousands of US Students Affected by Pearson Data Leak 

Pearson, a publisher of digital and print textbooks, suffered a data breach that affected around 13,000 school and university accounts. The breach was recently uncovered, but reports show that data was stolen in November of last year. The PII that was compromised includes student names, email addresses, and dates of birth. The Wall Street Journal reports that 114,000 students were affected in one school district alone. It is unclear who was able to access the data, but as a precaution, Pearson is offering free credit-monitoring services, although no financial information was taken.

Sephora Encounters Exposure of International Customer Data 

Sephora has emailed customers in Southeast Asia, Australia, and New Zealand, informing them about the possible exposure of personal information belonging to customers shopping online. The email states that the customers who could be affected are mainly those who used online services in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Australia, and New Zealand. Sephora is reporting that PII such as names, emails, passwords, genders, and beauty preferences may have been accessed. The company reported that no financial information was compromised.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below. 

Top CASB Use Cases

*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Will Houcheime. Read the original post at: