Capital One financial corporation announced that on July 19, 2019, it had determined there was unauthorized access by an outside individual who has obtained certain types of personal information relating to people who had applied for its credit card products and some information for all Capital One credit card customers. Capital One announced that they have recently fixated the configuration vulnerability that this individual exploited and promptly began working with several of the federal law enforcement agency. FBI arrested one person responsible, and that person is based on our analysis till date. The company issued a statement that we are analyzing the information that has been stolen is any part of the data that is being used for fraud or disseminated by this individual. However, we continue with the present investigation that we have conducted.

Based on present analysis to date, the breach has affected approximately 100 million individuals in the United States and 6 million in Canada. The breach has, however, not affected any credit card account number or any log-in credentials and over 99 percent of the social security numbers were not affected. The data that has been compromised includes the initial credentials that are provided by the customers. The compromised data includes 140,000 social security numbers of our credit card customers and about 80,000 linked bank account numbers of our secured credit card customers.  In case to the customers, approximately 1 million social insurance numbers were compromised during the incident.

The company was questioned whether the incident has happened due to its operation over cloud, the company has denied stating that such elements of infrastructure are involved in both cloud and on-premises data center environment. The speed through which we were able to diagnose and fix the complete vulnerability and determine its impact was enabled by the cloud operating model.