Another week, another data leak. Like the many that have come before it, the latest affecting Capital One Financial Corp, is no laughing matter, affecting more than one hundred million of the credit issuer’s customers and applicants. It is already being billed as one of the largest data breaches at a big bank to date.

Making this breach worse is that the breach was done by a hacker who accessed customer data that was stored on Amazon’s cloud services, the same cloud provider that is home to a huge number of corporations’ data.

Granted, for those of us who are not in the United States, it may seem like it has  little relevance. But this is only partly true. Maher Yamout, Senior Security Researcher at Kaspersky, pointed out that the breach demonstrates how fragile our sensitive data is when stored in the cloud with weak configuration.

The circumstances of the hack brought to life one of the major points raised by Kaspersky at its Cybersecurity Weekend earlier this year – exposed data is often compromised for months before the leak is discovered. And that was the case here, with customers’ personal information being compromised for three months before it was addressed.

Yamout elaborated that in this case, the hacker exploited a configuration weakness in the cloud platform that the service provider uses to store credit card data, which allowed theft of 14 years’ worth of data. He pointed out that the data could be used in a number of ways by hackers, such as the method exposed by Kaspersky in the Security Analyst Summit (SAS) 2019 - Digital Doppelgangers, and intended to fake digital identities to facilitate fraud.

For organisations taking this as a warning bell to reexamine the security measures they have in place, he offered a number of practical suggestions:

• Setup a method or medium that allows responsible disclosure of breaches or vulnerabilities
• Work out with the cloud provider when necessary to ensure relevant logging is enabled for your infrastructure

• Categorise data in the cloud and employ data leak prevention solutions
• Conduct a configuration review of your infrastructure, especially where sensitive data resides and align them with security best practices
• Enable automated alerts upon unauthorised changes in the settings from the system baseline configuration
• Enforce multi-factor authentication for administrative accounts
• Use of threat data feeds to block network connections originating from malicious network addresses or from known TOR / VPN exit nodes
• Use a dedicated security product for cloud protection that detects threat activity inside the cloud environment, such as Kaspersky Hybrid Cloud Security. The security solution should allow file integrity monitoring to ensure the integrity of critical system files, as well as a network attack blocker and application control with default deny mode to block execution of unauthorised applications.

While the case is ongoing, with one arrest being made by the FBI to date, our bet is that Capital One has an appearance before Congress, and quite likely a class action lawsuit to contend with in its near future.