Capital One Hacker Breached 30 Companies Through a Single Cloud Provider
August 29, 2019
March 31, 2020
Paige Thompson, the suspect in the massive Capital One data breach, was charged with stealing data from over 30 companies. Authorities found hard drives containing multiple terabytes of stolen data at her home.
Thompson stole all of the data by accessing the servers of one cloud provider. Not only did she take 100 million customer’s records from Capital One, she was also able to obtain the other companies data with relative ease.
The rise of cloud storage and computing has led to a tremendous increase in business productivity. It simplifies internal processes that are no longer needed to set up servers, and also makes collaboration much easier.
Files that once had to be approved to leave the company firewall can now be easily sent back and forth to third parties. Everyone’s lives have been made easier with these cloud services. However, often new technologies can be a double edged sword.
With just one weak point, the cloud provider, Thompson was able to breach 30 companies. All it takes is one vulnerability and the whole network can be compromised. It is important to know which organizations you are entrusting with important information.
An interesting thought exercise is to lay out every other company or service that you rely on. Then think about what would happen if one of them was breached.
You don’t have to live in constant fear of a breach. There are plenty of solutions out there that can help you protect your organization’s data. You probably already have one in place now.
However, many of these solutions struggle to perform unless conditions are perfectly tailored for their product. This is definitely not the case in many businesses as there are too many moving parts for anything to be predictable.
Some solutions claim to protect your data, but they provide no actual protection. One high profile company claims exactly this, when in reality they offer only visibility for your data. The key distinction here is this: if someone is stealing your files, they’ll let you know, but can’t do anything about it.
When you look carefully at the underlying solutions and their functions, you’ll start to see that many of them don’t hold up to their claims.
At SecureCircle, we created our solution to do what others cannot. We provide visibility and actual protection for your data.
We give you insights into who is working with your data. Any time a file is interacted with, it is logged. We can send those logs wherever you’d like, whether it be Splunk or another SIEM. This can provide valuable insights about access controls.
Our protection comes in the form of encryption. We encrypt all of your sensitive data by default. Other solutions require the user to decide what needs protection, but that method is flawed. Humans make mistakes, and that’s when breaches happen.
Our solution can work with any operating system, any program, and any file size. You can continue working without a change in workflow. All you have to do is download our client and verify your device with your administrator. It’s that easy.
Feel free to explore the rest of our site for more information.
Prevent Data Breaches
Let’s discuss your unique cybersecurity challenges and needs.
If you want to notified when we post the newest content about mitigating insider threats, data breaches, protecting source code, and DASB, please subscribe to our SecureCircle newsletter.