The massive-scale hack of major United States credit card issuer Capital One has left the personal data of over 100 million individuals exposed.
As CNN reported on July 30, confidential data for around 106 million Capital One customers' accounts and credit card applications was stolen by an alleged hacker, Paige Thompson, 33, in March of this year.
Capital One: a centralized trove of KYC data
Thompson, a Seattle resident, was arrested by the FBI on June 29 and is accused by the US Department of Justice of having gained unauthorized access to personal data that included names, addresses, zip codes, phone numbers, email addresses, dates of birth and self-reported income.
All this data is collected by Capital One “routinely” each time it receives credit card applications, the company has revealed in an official statement.
Thought to have affected roughly 100 million United States customers and 6 million Canadians, the suspect allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, as well as data pertaining to customers’ credit scores, credit limits, balances, CNN reports.
According to CNN, Thompson had formerly worked as a software engineer for a cloud hosting company used by Capital One. Her access to the company’s servers was facilitated by exploiting a misconfigured web application firewall, CNN reports, citing court filings.
‘No one has ever hacked Bitcoin’
The major breach of a centralized repository of Know Your Customer data reveals the fault lines of corporations’ custody over their clients’ data. The crypto community has been quick to reflect on the flaws of such legacy models as compared with more resilient, decentralized systems. As Morgan Creek Digital Assets co-founder Anthony Pompliano tweeted today:
“No one has ever hacked Bitcoin. It is the most secure computing network in the world.”
While security breaches of centralized crypto exchanges are still commonplace, to “hack” Bitcoin, a potential attacker would have to gain access to the private keys of every single wallet address individually — rather than one centralized trove like Capital One’s.
Capital One has stated that "unlikely that the information was used for fraud or disseminated by this individual," and that "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised."
As CNN notes, the suspect nonetheless revealed her intentions on Twitter to distribute the ill-gotten confidential information, such as Social Security numbers along with full names and dates of birth.
As Cointelegraph has reported, privacy concerns in an era of far-reaching data centralization are spurring the development of secure, decentralized blockchain-based alternatives from major tech players such as Microsoft.
In an interview with Cointelegraph this summer, BitMEX CEO and co-founder Arthur Hayes underscored the importance of financial privacy. He argued that the public is on the brink of a sudden wake-up call in light of the unmistakable negligence and misuse of individuals’ digital property and identity credentials, as well as incursions into their on — and offline freedoms.