Cloud Storage Risks are Real
Organization: Capital One
When: July 2019
Breach Details: Personal information belonging to over 100 million US individuals and 6 million Canadian residents was exposed when a former employee at AWS inappropriately accessed the data. Compromised information included names, addresses, dates of birth, credit scores, payment history contact information, and other data on people who had applied for a Capital One credit card dating back to 2005. Also exposed were the Social Security Numbers of 140,000 individuals and bank account data belonging to 80,000 secured credit card customers.
Lessons Learned: The Capital One data breach resulted from a misconfigured Web application firewall that gave the attacker a way to execute privileged commands on the cloud server hosting the data. "Cloud storage is an increasingly attractive option for large corporations because it is cheaper than on premise," said Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies. But many companies are putting data at risk by failing to adopt security with the same vigor that they apply to on-premise infrastructure. "They should, otherwise the financial cost of penalties and lawsuits will vastly outweigh any IT savings."
Image source: Capital One