
Reply with 150-250 words
Capital One Bank reported a data breach on July 19, 2019, which affected an estimated 100 million people in the United States and another 6 million customers in Canada. According to a USA Today article, White, W. (2019, July 30), USA Today, retrieved from https://www.usatoday.com/story/money/2019/07/29 on October 14, this data breach was conducted by a “former software engineer who was accused of stealing data” … in what is considered “to be one of the top 10 largest data breaches ever.” Data involved in this data breach included “social security numbers, names, addresses, phone numbers, date of births” etc.
It is my opinion that no one will ever know the financial loss of such a data breach, which is why financial institutions should have a cyber insurance policy in place. In addition to the costs of the actual data breach, there are other associated costs that will include forensics investigators, downtime, staff overtime, and additional staff, and that doesn’t include the reputational loss costs. When I worked for the bank, one of the things we used to say is customers are not loyal when it comes to the security and safety of their money. I used to say, “one and done,” meaning if the bank is ever impacted by a data breach there will be huge reputational risk implications. I also used to say it’s not a matter of “if” the Bank was going to experience a data breach; it’s more a matter of “if, when and how much data” the attackers are going to get, which is why we had multiple layers of controls in place, hoping to minimize the impact of a data breach.
From my research of this data breach, it appears that Capital One staff did everything they should have done. I can’t think of anything else I could add. They determined what caused the breach, they notified the FBI, and then they notified the public in the required amount of time. They then went into damage control and offered impacted customers identity theft insurance for a certain time period.
In my opinion, non-public personal information such as social security numbers, name, address, date of birth, account numbers and transactional data should not be in the cloud. Another point I’d like to make is that when considering storing data in the cloud, one needs to determine where the actual servers are located. Are they located in the United States or offshore? My thoughts regarding preventing cyber attacks are all related to hardening the system through access controls within an organization, and it all starts with information assurance training for the end user and access control. It would appear to me that maybe the Capital One data breach could have been prevented if the hacker did not have a back door into the system, which relates to access control. I do not know for sure what happened, but that is just an educated guess.
White, W. (2019, July 30). Capital One data breach 2019: 13 things for customers to know. USA Today. https://www.usatoday.com/story/money/2019/07/29