HUNTSVILLE, Ala. – Just days after Equifax announced plans for a settlement after the largest data breach in history, Capital One announced another data breach.
A hacker gained access to more than 100 million customer accounts and credit card applications.
Tech experts say this shouldn’t become a reality for consumers. They explained what people affected by the breach can do to protect their credit right now and how these breaches could be prevented in the future.
The compromised data includes 140,000 Social Security numbers, 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, and credit histories.
Better Business Bureau recommends freezing your credit
Having your data compromised can make a person feel powerless. Officials with the Better Business Bureau of North Alabama say people can the power back by freezing their credit.
“If it’s frozen then no one can make a purchase where a credit check is required and it’s free,” said Julia Cherry, BBB of North Alabama Director of Communications.
In order to ensure your credit is protected, people must freeze it with all three credit reporting bureaus. Here is a link from the BBB with more information about how to do this.
Are data breaches a ‘new normal’?
Joshua Crumbaugh is the CEO of PeopleSec, a Huntsville-based cybersecurity company. He says people should not accept regular data breaches as their ‘new normal’.
“I think the companies can and should do something better,” he said.
33-year-old Paige Thompson was arrested in connection to the breach. She worked at a cloud service provider Capital One was using. According to the Department of Justice, Thompson was able to gain access by exploiting a misconfigured web application firewall. But Brumbaugh says the breach wasn’t due to technical savvy but as a result of human error.
“They didn’t configure their web application firewall properly and so because she had access through the vender that they were using, she was able to get through their firewall and into the data and exfiltrate it,” Crumbaugh said.
Capital One stated in a release on their website that the vulnerability has since been fixed. He says human error is often the cause of data breaches.
“Cybersecurity in general, it’s a human, it’s not a technical problem. Every breach that we look at again, and again it’s some sort of human error that caused it,” he said.
Crumbaugh says 90% of data breaches start with a person clicking a malicious link and the solution to this problem could be as easy as companies providing better training and education.
He says there isn’t much legislation holding corporations accountable for data breaches – which means it’s up to consumers to send a message.
He says the best way to do that is by doing business with companies that make protecting your information a priority.