Report on the Capital One Data Breach: Security and Recommendations

Verified

Added on 2022/08/18

AI Summary

This report analyzes the Capital One data breach that occurred in July 2019, where hackers exploited a web application firewall vulnerability, compromising the data of over 100 million users. The compromised data included names, dates of birth, email addresses, and self-reported income ranges. The report highlights the importance of cloud network scrutiny and the need for proper assessment of internally hosted servers and patches. Capital One's response, including investments in cybersecurity, traffic analysis, and free credit monitoring, is examined. The analysis reveals a lack of network tracking and emphasizes the need for enhanced research and development in network security. Recommendations include implementing traffic analysis and ensuring firewall updates. The report references several sources, including articles and research papers, to support its findings and recommendations, providing a comprehensive overview of the incident and its implications for data security.

Running head: CAPITAL ONE HACK
CAPITAL ONE HACK
Name of the Student
Name of the University
Author note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
CAPITAL ONE HACK
News event that is chosen for completion of the report: Capital One Hack
Date: July 2019, 2019
Event:
Capital One had determined that the hackers had broken into the server and had been
exploiting the configuration vulnerability in the process. The vulnerability was in the web
application firewall. It have been seen that there has been an unauthorized access of over 100
million users of Capital One. This number denotes data of clients who originates from US. There
have been unauthorized access to data of over 6 million clients in Canada as well (Lu 2019).
After detecting the issue and severe research process, FBI was able to get hold of alleged hacker.
These humongous numbers ensures that it have been one of the biggest cyber attacks that have
ever taken place.
The information that have been compromised in this case have been based on the data
that have been gathered by the hacker in between 2005 to 2019 from the credit cards of the
clients. The data that have been gathered in the process have been the name of clients, date of
birth of the clients, email addresses and income range that have been self attested by the clients.
However, the major barrier that the hacker had was that he did not have any access to the credit
card numbers.
The main goal of the attack was not known. Due to the fact that the hacker did not
perform anything after gaining access to the data (Mazzarolo and Jurcut 2019). From the
description of the attack being performed, the main aspect that is considered in the process is that
the cloud network requires to be compiled with higher scrutiny. This section also ensures that
there is a requirement of internally hosted servers were to be properly assessed as well. This will

2
CAPITAL ONE HACK
be important for proper assessing of patches that are present in the section. It have been seen that
there has been a proper assessment of the emerging technology that is required in the gathering
personal details.
Steps Capital One is taking
The company have stated that the company have invested heavily on the cyber security
process. This ensures that there has been a lot of expenses being provided and hence wise this
ensures that proper management of the security techniques will be included in the operational
process. Proper research and development team have been appointed and this is the main reason
that the analysis of the traffic that have been entering the network have been checked in a proper
manner (Floyd, Grieco and Reid 2016). Providing free credit monitoring as well as identity
protection have been performing in a proper manner and hence wise this ensures that the clients
will be keeping a check over their own money and this will be ensuring the fact that there will be
a proper management of the data that will ensure that there will be a proper assessment of the
identity protection (Lending, Minnick and Schorno 2018). This identity protection will be
helping in better management of the personal data. This regular tracking of personal data will be
helping in maintaining the robustness of the system.
Analysis
From the data that have been gathered in the process is that there have been a lack of
tracking process. This lack of network tracking process have been affecting the entire aspect.
Again it can be stated that the data that have been generated process states that there is a
requirement of proper research and development process. This ensures that the proper scrutiny in
the network process is to be made and they have been working on the same.

3
CAPITAL ONE HACK
Recommendation
The recommendations that are to be considered in the process are as follows: -
 Traffic analysis of the network is to be performed. This section ensures that in case there
is a better analysis of data trafficking being performed, the entire issue would not have
occurred.
 Implementation of firewall in the networking process also acts important. It can be stated
that there have been implementation of firewall since the very beginning, however,
proper assessment includes the fact that there is a requirement of providing updates. This
providing of updates includes the fact that there would have been.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
CAPITAL ONE HACK
References
Floyd, T., Grieco, M. and Reid, E.F., 2016, September. Mining hospital data breach records:
Cyber threats to us hospitals. In 2016 IEEE Conference on Intelligence and Security Informatics
(ISI) (pp. 43-48). IEEE.
Lending, C., Minnick, K. and Schorno, P.J., 2018. Corporate governance, social responsibility,
and data breaches. Financial Review, 53(2), pp.413-455.
Lu, J., 2019. Assessing The Cost, Legal Fallout Of Capital One Data Breach. Legal Fallout Of
Capital One Data Breach (August 15, 2019).
Mazzarolo, G. and Jurcut, A.D., 2019. Insider threats in Cyber Security: The enemy within the
gates. arXiv preprint arXiv:1911.09575.