The company's S-1 lays the groundwork for what is widely expected to be one of the largest initial public offerings of the year, second only to Uber's IPO in May. It's also...Technologyread more
Fraud investigator Harry Markopolos' accusations extended beyond GE's management to actuaries, auditors and analysts who he claims overlooked billions in liabilities.Marketsread more
Trump's tweet comes a day after Apple put out a press release describing the money it spends on U.S.-based suppliers and vendors.Technologyread more
CNBC combed through Wall Street research to see which stocks are still a buy after their earnings reports.Marketsread more
President Donald Trump held a call on Wednesday with the CEOs of three major U.S. banks, according to people with knowledge of the situation.Marketsread more
Despite aggressive strides, Waymo needs one thing before their self-driving cars become a seriously useful transportation system: people. We talked to the ones closest to it.Technologyread more
Scientists say the smoke plumes, filled with megatons of tiny, harmful particles, could travel to other areas of the world and cause serious respiratory problems for people.Weather & Natural Disastersread more
Some Weight Watchers loyalists applaud Kurbo by WW. But nutritionists worry Kurbo promotes an unhealthy relationship with food during an especially impressionable time.Health and Scienceread more
Benefits from what President Trump called "the biggest reform of all time" to the tax code have dwindled to a faint breeze just 20 months after its enactment, writes John...Politicsread more
Epstein, 66, was found in his cell in Manhattan federal lockup Saturday morning and transferred to a nearby hospital, where he was subsequently pronounced dead.Politicsread more
Air travelers faced delays at U.S. airports on Friday afternoon after a computer issue snarled processing of international arrivals.Airlinesread more
Capital One is dealing with what will likely be one of the most important data breaches of the year.
The incident involved theft of more than 100 million customer records, 140,000 Social Security numbers and 80,000 linked bank details of Capital One customers, according to court filings in Seattle. But the Capital One incident is significant beyond the numbers, because it was allegedly carried out by a lone wolf.
The details set it apart from breaches of companies such as Equifax and Marriott, which were attacked from the outside by criminals with a nation-state connection. It's also different from the spate of ransomware attacks against major U.S. cities, which were likely committed by groups of individuals outside the U.S.
Instead, according to the indictment of Paige A. Thompson, the experienced engineer was able to exploit a flaw in an application firewall stored on an Amazon Web Services cloud server to gain access to the information.
An Amazon spokesperson confirmed Thompson had worked for Amazon but she left in 2016. The breach took place between March and July this year. Capital One confirmed in a statement Monday that the incident was related to a misconfigured application firewall and not an issue with cloud infrastructure.
"AWS was not compromised in any way and functioned as designed," Amazon said in a statement, adding that the reason for the breach was a misconfiguration of firewall settings on a web application, managed on the cloud server by Capital One, not a vulnerability in the cloud server itself.
The incident, which is still unraveling, will bring up major issues facing the biggest tech companies, cloud firms and banks, namely how to control who has access to sensitive consumer data and detect insiders who may go rogue.
In many ways, it's the nightmare scenario for a large company. Banks such as Capital One have in recent years become much more adept at protecting against outside threats that target sensitive personal data. But protecting against a single individual bent on destruction and with even a modicum of access can be much harder.
According to the indictment, Thompson exploited a misconfigured firewall in a cloud server used by Capital One. She allegedly used a Tor browser, which anonymizes a person's online activities, to gain this access. She also used a virtual private network known as IPredator to further obscure her activities, according to the indictment.
All of these factors combined with the possibility of insider knowledge means this incident will be closely watched by cybersecurity professionals and banks, particularly to see whether there was any way Capital One could have avoided the incident under the circumstances.
"Capital One had some good security practices in place," said Sam Curry, chief security officer of cybersecurity company Cybereason. "As a positive, they made an arrest quickly and there is a chance to minimize damage. Normally, it's months, years or never in terms of arrests and accountability of the criminals. Finding things sooner in the life cycle always limits the impact and damage to the innocent."
Capital One's stock closed down 5.89% on Tuesday.