Connect with us


Suspected Capital One hacker requests release from jail on health grounds



How big is the Capital One breach?
100 million Americans and 6 million Canadians caught up in breach.

The alleged hacker responsible for the theft of 106 million records from Capital One has requested release from federal custody.

Lawyers for Paige Thompson, accused of the theft of data from the US financial institution, say that jail is a threat to her mental health and wellbeing, the Seattle Times reports.

Capital One said in July that a data breach resulted in the exposure of 100 million records belonging to US citizens, as well as a further 6 million belonging to Canadians. 

Credit card application data, names, addresses, ZIP codes, phone numbers, email addresses, dates of birth, self-reported income, and some bank account numbers were compromised. 

Thompson was arrested following the disclosure. The programmer has also been accused of stealing information from 30 other companies and educational institutions.

See also: Capital One hacker took data from more than 30 companies, new court docs reveal

US prosecutors said that the seizure of servers from Thompson’s home, located in Seattle, revealed “multiple terabytes” of stolen data. However, the FBI is still trying to ascertain which companies have allegedly become victims, and so not every organization has been informed. 

Thompson has previously claimed that none of the data taken from Capital One’s AWS systems has been sold or leaked, and at the time of writing, there have been no reports to the contrary. 

The Federal Detention Center in SeaTac is where the accused, a transgender woman, is being held pending trial. 

CNET: MoviePass reportedly left customers’ credit cards exposed online

Thompson’s defense team has asked that she is moved to a halfway house for better access to mental health care and to prevent her from becoming subject to abuse or experiencing trauma.

Law enforcement, on the other hand, believes that Thompson is a flight risk and “is a danger to herself and others,” according to the publication.

US Attorneys Andrew Friedman and Steven Masada said that “there is no reason to believe that any mental health treatment that Thompson might receive while on release would be any more effective in reducing the danger that Thompson would pose than her prior treatment.”

TechRepublic: Famous con man turned cybersecurity expert urges credit freezing

A hearing is scheduled for Friday. 

While Thompson’s lawyers fight for the change in their client’s circumstances, GitHub is facing a legal challenge of its own. A class-action lawsuit has been filed in California against both Capital One and GitHub, the latter of which is accused of failing to prevent the breach by not acting after a message was posted concerning the hack on its website.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


The Five Pillars of (Azure) Cloud-based Application Security



This 1-hour webinar from GigaOm brings together experts in Azure cloud application migration and security, featuring GigaOm analyst Jon Collins and special guests from Fortinet, Director of Product Marketing for Public Cloud, Daniel Schrader, and Global Director of Public Cloud Architecture and Engineering, Aidan Walden.

These interesting times have accelerated the drive towards digital transformation, application rationalization, and migration to cloud-based architectures. Enterprise organizations are looking to increase efficiency, but without impacting performance or increasing risk, either from infrastructure resilience or end-user behaviors.

Success requires a combination of best practice and appropriate use of technology, depending on where the organization is on its cloud journey. Elements such as zero-trust access and security-driven networking need to be deployed in parallel with security-first operations, breach prevention and response.

If you are looking to migrate applications to the cloud and want to be sure your approach maximizes delivery whilst minimizing risk, this webinar is for you.

Continue Reading


Data Management and Secure Data Storage for the Enterprise



This free 1-hour webinar from GigaOm Research brings together experts in data management and security, featuring GigaOm Analyst Enrico Signoretti and special guest from RackTop Systems, Jonathan Halstuch. The discussion will focus on data storage and how to protect data against cyberattacks.

Most of the recent news coverage and analysis of cyberattacks focus on hackers getting access and control of critical systems. Yet rarely is it mentioned that the most valuable asset for the organizations under attack is the data contained in these systems.

In this webinar, you will learn about the risks and costs of a poor data security management approach, and how to improve your data storage to prevent and mitigate the consequences of a compromised infrastructure.

Continue Reading


CISO Podcast: Talking Anti-Phishing Solutions



Simon Gibson earlier this year published the report, “GigaOm Radar for Phishing Prevention and Detection,” which assessed more than a dozen security solutions focused on detecting and mitigating email-borne threats and vulnerabilities. As Gibson noted in his report, email remains a prime vector for attack, reflecting the strategic role it plays in corporate communications.

Earlier this week, Gibson’s report was a featured topic of discussions on David Spark’s popular CISO Security Vendor Relationship Podcast. In it, Spark interviewed a pair of chief information security officers—Mike Johnson, CISO for SalesForce, and James Dolph, CISO for Guidewire Software—to get their take on the role of anti-phishing solutions.

“I want to first give GigaOm some credit here for really pointing out the need to decide what to do with detections,” Johnson said when asked for his thoughts about selecting an anti-phishing tool. “I think a lot of companies charge into a solution for anti-phishing without thinking about what they are going to do when the thing triggers.”

As Johnson noted, the needs and vulnerabilities of a large organization aligned on Microsoft 365 are very different from those of a smaller outfit working with GSuite. A malicious Excel macro-laden file, for example, poses a credible threat to a Microsoft shop and therefore argues for a detonation solution to detect and neutralize malicious payloads before they can spread and morph. On the other hand, a smaller company is more exposed to business email compromise (BEC) attacks, since spending authority is often spread among many employees in these businesses.

Gibson’s radar report describes both in-line and out-of-band solutions, but Johnson said cloud-aligned infrastructures argue against traditional in-line schemes.

“If you put an in-line solution in front of [Microsoft] 365 or in front of GSuite, you are likely decreasing your reliability, because you’ve now introduced this single point of failure. Google and Microsoft have this massive amount of reliability that is built in,” Johnson said.

So how should IT decision makers go about selecting an anti-phishing solution? Dolph answered that question with a series of questions of his own:

“Does it nail the basics? Does it fit with the technologies we have in place? And then secondarily, is it reliable, is it tunable, is it manageable?” he asked. “Because it can add a lot overhead, especially if you have a small team if these tools are really disruptive to the email flow.”

Dolph concluded by noting that it’s important for solutions to provide insight that can help organizations target their protections, as well as support both training and awareness around threats. Finally, he urged organizations to consider how they can measure the effectiveness of solutions.

“I may look at other solutions in the future and how do I compare those solutions to the benchmark of what we have in place?”

Listen to the Podcast: CISO Podcast

Continue Reading