Cybersecurity expert on why Capital One breach may be the new normal
A hacker gained access to personal information from millions of Capital One credit applications and has been charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. The case raises questions about what motivated this particular hack, and how vulnerable everyone’s information is if it can be done with such ease.
Britt Sidentopf is a global cybersecurity expert with Global Asset Online and joined the Candy, Mike and Todd Show to discuss the Capital One case.
“In my world, there are typically three motivating factors behind this behavior. First is usually notoriety. Second normally is vengeance, maybe you have a disgruntled employee. Third is monetary. If you look at the psychological profile of this individual it’s somewhat self-destructive behavior,” he said.
“If they’re smart enough to do this they’re smart enough to realize that when they take this breach and post on social media, they’re gonna get caught. So it almost comes down to that they’re overtaken by this need to be accepted among their peers, that they were able to accomplish this objective.”
The hacker ultimately procured information — including credit scores, balances, and Social Security numbers — of about 140,000 customers, according to Capital One. It will offer free credit monitoring services to those affected. Of primary concern is the seemingly growing frequency of such breaches, and what ends up happening to the private information of hundreds of millions of people.
“If you look at the breaches of the last three years, the Capital One was not the largest. Equifax was 148 million (in 2017), Marriott was 339 million in 2018. Yahoo in 2016 was 500 million,” he said. “You add those up. That’s over a billion people’s accounts or information that has been breached in the last three years. That’s a staggering number.”
What happens to all that information? Disturbingly, it’s hard to say.
“The brutal truth behind the whole thing is most people don’t know where the data winds up. There’s no real way of tracking it down because once the alleged criminal or whoever this is accesses the information, they really can do whatever they want with it, whether they can sell it over the dark web, don’t do anything with it or delete it.”
“At the end of the day as a consumer, we have to take what they call our PI — our personally identifiable information — and take that into our own hands and take the measures to protect that. The only way we’re going to drive change is if we hold these entities accountable for holding our information and maintaining the security of it.”
Listen to The Candy, Mike, and Todd Show weekdays from 3-7 p.m. on KIRO Radio, 97.3 FM.