So I was a bit dismayed to hear they were the latest victim of a data breach. But as the details were released, it seems the attack was an insider job, and as I have written recently, insider attacks are tough to prevent. Nevertheless, the investigate led to Amazon Web Services employee Paige Thompson as the alleged culprit, and the stolen data was recovered before it was sold or posted online.
As the situation is playing out, we are learning that Capital One had all the appropriate security controls in place, and this allowed them to know the theft had occurred before any real damage was done by the attacker. This is a textbook case for how to do this right.
Nonetheless, these types of attacks are becoming more commonplace. So regardless of where you do your banking, there are some safeguards you can take.
- Check your accounts regularly – Daily online reviews of your accounts are smart.
- Sign up for security alerts – Sign up for any access or payment alert features your bank offers. I like getting payment and access alerts on my smartphone via SMS or email.
- Get credit monitoring – Credit monitoring services can alert you to unauthroized attempts to sign up for credit cards or loans.
- Check your credit reports – Check with each of the credit bureaus at least anually, and even better, quarterly, for unexpected credit activity.
- Get a security freeze – A security freeze prevents anyone, even you, from signing up for a new loan or credit card without first explicitly permitting the application.
- Look out for phish – In the coming weeks or months you can expect to get a lot of phony emails from “Capital One.” These scammers will try to get your online account credentials, so be careful. Only go to the Capital One website directly, not by clicking on a link.
- Educate employees – If this is a business banking account, warn your employees to be on the lookout for fraudulent attempts and requests for online credentials.
Data breaches are almost impossible to prevent, but this one was detected early and the apparent perpetrator arrested before the information was released. All in all, a good job by law enforcement and the Capital One cybersecurity group. For more information , Capital One has provided a link.