March 23, 2019, seemed like any other Monday at Capital One headquarters. Little did employees and customers know that, over the weekend, a hacker had successfully breached Capital One’s security defenses.
As a result, more than 140,000 Social Security Numbers, 1 million Canadian Social Insurance numbers, and over 80,000 pieces of banking and credit information were stolen, along with an undisclosed number of names, addresses, credit scores, and more.
By the end of the weekend, the hacker, a former employee of Amazon AWS (Capital One’s cloud hosting service), was able to conduct one of the largest data breaches ever to hit a financial services firm. Unfortunately, this is just one of the latest examples of a headline-making hack.
Headlines like these may leave you wondering what your own organization can do to stay protected and out of the news. The reality is that there’s no one answer, so your organization’s best bet is to remain ever-vigilant and take a comprehensive approach to cybersecurity. This starts with putting a complete identity and access management (IAM) solution at the core of your organization’s security. That’s because the right IAM solution not only plays a critical role in prevention, but it also limits the damage an attacker can do.
Let’s take a look at what happened to Capital One, and how your organization can mitigate hacking risks using an IAM solution.
How the Capital One Breach Occurred
The hacker behind the Capital One data breach actually targeted more than 30 organizations from a number of industries, including government, education, finance, and telecommunications. The one thing that each had in common was that the victims were customers of Amazon Web Services (AWS), where the hacker, Paige Thompson, had once worked.
Although Thompson was not an employee of Capital One, she was able to access their records using their AWS resources, so this type of attack can be categorized as both an insider threat and a hacking incident. Due to inadequate security on Capital One’s part, Thompson was able to breach sensitive customer data.
Among other nefarious activities, Thompson took advantage of misconfigurations in Capital One’s cloud services and the firewalls that protected the perimeter of its networks. Ultimately, she was able to identify and bypass these firewalls, allegedly use web application firewall credentials to escalate privileges, and slowly gain access to more and more sensitive data. Aiding Thompson’s exploitation of information was the fact that many of Capital One’s databases were not segmented or individually secured.
This breach shows how easy it is for cybercriminals to access privileged information, and raises the question: what can your organization do to mitigate cyberthreats?
How Can an IAM Solution Help?
Although this scenario involved a hacker’s purposeful, unauthorized use of network access, companies need to be prepared for not only malicious data breaches, but also unintentional insider threats. In both cases, a modern IAM solution can help to provide comprehensive, ever-vigilant network security by supporting preventative methods, as well as limiting the damage an attacker is able to inflict.
First, an IAM solution is able to enforce multi-factor authentication (MFA) throughout an organization's network. After Thompson gained authorized access to Capital One’s cloud servers, she then utilized well-known hacking techniques to escalate and expand her attack. MFA helps thwart this type of unauthorized access by requiring additional authentication to verify a user’s identity. For example, if Thompson—or any other hacker—had obtained a user’s username and password, this would not be enough to gain access because they would still need at least one additional factor.
An IAM solution also supports privileged access management, which takes a holistic approach to managing accounts with higher privileges and their associated access. Granular access controls allow an organization to limit access to sensitive systems and data based on need, time of day, or function. This effectively limits an attacker’s available attack surface and enforces least privilege by controlling the number of users with access to data, as well as what they can do with it.
This ability to implement granular role- and attribute-based access, as well as temporary exceptions based on need, allows organizations to be nimble without sacrificing security. Additionally, all access requests, approvals, revocations, and certifications—for both internal and external privileged users—are audited and monitored.
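The access model described above, as an added example (not code from any IAM product): a default-deny decision function that grants access by role and time of day, honours a temporary exception only until it expires, and records every decision for audit. The user, role and resource names and the policy layout are assumptions made for illustration.

```python
from datetime import datetime, time

# Constructed policy: (role, resource) -> permitted hours (start, end).
POLICY = {
    ("dba", "customer_db"): (time(8, 0), time(18, 0)),
    ("support", "ticket_system"): (time(0, 0), time(23, 59, 59)),
}

# Constructed temporary exceptions: (user, resource) -> expiry timestamp.
EXCEPTIONS = {
    ("alice", "customer_db"): datetime(2019, 7, 1, 23, 0),
}

AUDIT_LOG = []  # every decision is recorded, whether allowed or denied


def decide(user, role, resource, now):
    """Return True if access is allowed; anything not granted is denied."""
    allowed, reason = False, "no matching policy"

    # 1. Role-based grant, restricted to the permitted time window.
    window = POLICY.get((role, resource))
    if window is not None:
        start, end = window
        if start <= now.time() <= end:
            allowed, reason = True, "role policy"
        else:
            reason = "outside permitted hours"

    # 2. Per-user temporary exception, valid only until its expiry.
    if not allowed:
        expiry = EXCEPTIONS.get((user, resource))
        if expiry is not None:
            if now < expiry:
                allowed, reason = True, "temporary exception"
            else:
                reason = "exception expired"

    # 3. Audit trail entry for this request.
    AUDIT_LOG.append({"time": now.isoformat(), "user": user, "role": role,
                      "resource": resource, "allowed": allowed, "reason": reason})
    return allowed
```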
Identity lifecycle management further reduces the opportunity for human error and limits the risk of insider threats or unauthorized access. Provisioning, deprovisioning, and role changes can all be automated, ensuring that users don’t accumulate unnecessary privileges over time or retain access once they’ve left the organization. As soon as a user leaves, not only are their accounts immediately disabled in the central access management tool, but all appropriate account disables, deletions, and suspensions also occur in target systems simultaneously and automatically as per the policies defined for each.
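A check that verifies the lifecycle behaviour described above, as an added example rather than any vendor's implementation: it reconciles an HR roster against account exports from target systems and reports enabled accounts of departed or unknown users, plus entitlements beyond the role baseline. All system names, users and entitlement strings are constructed sample data.

```python
# Constructed HR source of truth: user -> (employment status, current role).
HR = {
    "alice": ("active", "analyst"),
    "bob": ("terminated", "dba"),
    "carol": ("active", "dba"),
}

# Constructed baseline: the entitlements each role should hold.
ROLE_BASELINE = {
    "analyst": {"reports:read"},
    "dba": {"customer_db:read", "customer_db:write"},
}

# Constructed account exports from two target systems.
TARGET_ACCOUNTS = {
    "warehouse": {
        "alice": {"enabled": True, "entitlements": {"reports:read", "customer_db:write"}},
        "bob": {"enabled": True, "entitlements": {"customer_db:read"}},
    },
    "ticketing": {
        "bob": {"enabled": False, "entitlements": set()},
        "dave": {"enabled": True, "entitlements": {"tickets:admin"}},
    },
}


def reconcile(hr, baseline, targets):
    """Return sorted (system, user, finding, excess_entitlements) tuples."""
    findings = []
    for system, accounts in targets.items():
        for user, acct in accounts.items():
            if not acct["enabled"]:
                continue  # already disabled in this system, nothing to report
            status, role = hr.get(user, ("unknown", None))
            if status != "active":
                # Enabled account with no active owner in HR.
                kind = "orphaned" if status == "unknown" else "not_deprovisioned"
                findings.append((system, user, kind, ()))
                continue
            # Active user: flag privileges accumulated beyond the role baseline.
            excess = acct["entitlements"] - baseline.get(role, set())
            if excess:
                findings.append((system, user, "excess_privilege", tuple(sorted(excess))))
    return sorted(findings)
```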
Bringing It All Together
Ultimately, organizations cannot view cybersecurity as a “set it and forget it” exercise; as the Capital One data breach demonstrates, security tools and policies need to continuously evolve to keep up with the threat landscape.
Fortunately, IAM solutions can serve as the foundation for an organization’s robust cybersecurity, helping to prevent unauthorized access, protect the integrity of data, and limit the risk of human error, all without affecting the productivity of your employees and customers.