July 2019 Capital One reported that it had fallen victim to one of the largest data breaches of the last decade. 100million people were affected by the breach across the US and Canada. Their credit scores, bank balances social security numbers and more, were strewn openly across the internet for everyone to see.
But what evil super computer or international spy-syndicate would be capable of such a feat? Well, the answer is…none. The hack was carried out by a single person, former Amazon employee, Paige A Thompson (cue the disappointment). Thompson previously worked as a software engineer for several different companies including Amazon.
But how could one person hack one the US’s biggest banks?
Well, according to her statement, Thompson was able to access the data through a ‘faulty firewall’ in Capital One’s security. The personal data of millions of customers was stored on Amazon’s cloud storage services.
According to an Amazon spokesperson, the Amazon cloud "was not compromised in any way and functioned as designed,". After attaining the data, Thompson posted the personal details of tens of millions of people to GitHub, an open sharing platform mainly used by programmers.
This has obviously raised serious concerns over the data protection procedures that banks use to protect extremely sensitive information.
But who’s to blame?
Well the expression “bunch of bankers” comes to mind, but not in the traditional sense. Just a month after the Capital One breach, UK based digital bank, Monzo frantically urged 500,000 customers to change their PIN’s due to a catastrophic system error.
Rather than a breach, Monzo’s internal system automatically copied half a million PIN’s onto unsecure files. The files could then be accessed by over 110 employees, compromising bank accounts across the UK.
Monzo prides itself on being a modern bank unshackled by traditional walls and cashier desks, which is the way that many of the new and existing banks are heading. To fulfil the ‘digital generation’s’ demand for instant gratification, many banks would appear to be getting ahead of themselves. Investing heavily in technology such as in app services, online banking and cloud storage – and investing less time and resources in ensuring the proper security procedures are in place.
Were the ‘good old days’ really that bad?
Advancements in digital technology will undoubtedly shape our future and for the most part, for the better. But when millions of people’s finances are at risk, is digital technology really the way forward? The more complex a system is, the more susceptible it is to failure or worse…attack! Bank’s need to prioritise safety, over trying to compete technologically within the digital marketplace.
As one of the leading IT Recruiters in the UK, the Bridge offer some of the most exciting cyber security jobs within some of the most innovate and established companies. Find your next cyber security role here.