This is an excerpt from a story delivered exclusively to Business Insider Intelligence Banking subscribers.
Capital One Financial Corp. disclosed on Monday that it suffered a data breach in which a hacker accessed the personal information of around 100 million individuals in the US and another 6 million in Canada, TechCrunch reports.
Paige A. Thompson was arrested by federal agents in Seattle in connection with the breach and is accused of breaking through a Capital One firewall to access customer data the bank stored on Amazon.com Inc.’s cloud service, per a federal criminal complaint and people familiar with the matter cited by The Wall Street Journal.
Capital One said it’s unlikely the compromised information has been disseminated or used for fraudulent activity and expects the incident to generate $100 million to $150 million in incremental costs.
This breach will take a big toll on Capital One’s reputation, although the sensitivity of most data leaked is less severe than in other breaches. While Capital One has been active in antifraud — even making its credit-monitoring tool, CreditWise, available to noncustomers — it’s now responsible for an enormous breach on a scale with the Equifax breach of 2017 in terms of the number of consumers affected (106 million for Capital One, 147 million for Equifax).
But despite the volume of affected customers, the highly sensitive data leaked was more constrained: Only around 140,000 US Social Security numbers (SSNs), 80,000 linked bank account numbers for secured card customers, and 1 million Canadian Social Insurance numbers were compromised.
While that’s a silver lining, the fact remains that consumers may focus on the wide scope over the specifics, and the bank will likely need to ramp up its spending on security measures as well as publicity for those features to assure customers further breaches won’t occur.
Consumers whose more sensitive information was leaked will be highly vulnerable to fraud, especially if they don’t take action. Fortunately for Capital One and its customers, over 99% of SSNs weren’t compromised. But for consumers whose SSNs were leaked, the risk for serious fraud — such as new account fraud or account takeover — will be higher due to the unchangeable nature of SSNs.
Despite these risks, the frequency of data breaches is fatiguing consumers, who may fail to fully comprehend the severity of the situation and take preventative action like changing passwords, signing up for credit monitoring, or putting credit freezes on their accounts.
And this incident is likely to have an effect on the banking industry at large. While Capital One said the vulnerability exploited to cause the breach is not specific to the cloud, the bank’s enthusiastic adoption of the cloud for data storage could be conflated with the incident and lead banks to be even more cautious when adopting the technology.
Additionally, high-profile breaches like this can also scare customers, underscoring how important it is to highlight security and fraud-prevention features — suspicious transaction alerts, the ability to freeze cards, or transaction disputes that can be initiated via mobile banking app — when banks market to prospective customers.
Here’s an industry opinion, as told to Business Insider Intelligence:
"This breach is not as bad as it appears, by a long shot. As Cap 1’s own release points out, SSNs (and bank account numbers) were only exposed for a very small portion of people. Most people (the ~100mm) had only contact or demographic data exposed, which creates lesser risk. There’s simply no comparison to the severity of this breach, and (for instance), First American Title, OPM, Anthem, etc." — A CEO and data breach expert