Woman Steals 100 Million SSN and CC Info affecting the US & Canada

mrrsm

Original poster
Lifetime VIP Donor
Supporting Donor
Member
Oct 22, 2015
7,639
Tampa Bay Area
Some Crazy Woman Hacked the Personal Files from Capitol One affecting 100 Million USA Resident Members along with 6 Million Canadians. The FBI easily Tracked her Down and the case is CWA (Closed With Arrest). This is just an FYI in case the word from Captol One has not filtered down to ALL of its customers. No Login Credentials have been compromised...and 99 % of the SSNs have NOT been comprised so far by this Hacker and her ilk:

 
  • Like
Reactions: Redbeard

DocBrown

Member
Dec 8, 2011
501
I heard this on the radio this morning. Big surprise.

Many years ago my wife's Capital One Visa was skimmed. They used it to withdraw large amount of cash from ATMs in Canada. When I asked how that was possible as we purposely do not set pins on our credit cards they told me that someone called pretending to be my wife and social engineered the CS rep into setting a pin. We closed the account after that incident.

If it's that easy to use social engineering techniques on a CS rep that's supposed to be trained in this kind of stuff, I can't imagine their other system security efforts are worth much either.
 

Mooseman

Moderator
Dec 4, 2011
25,257
Ottawa, ON
We are probably quadruple affected since we have two accounts and one card each. We never give our SIN to credit card Co so at least those are protected.

I had about $600 of unauthorized purchases on the Xbox site (we don't even own one) which Capital One refunded right away about 3 years ago. No clue how they got my number.
 

Reprise

Lifetime VIP Donor
Supporting Donor
Member
Jul 22, 2015
2,724
From what I can tell, I don't think this was a really 'bad' breach... I found the woman's name, and a link to her still-active (as of yesterday) Twitter acct.
She got herself caught by admitting to what she did on at least one public website. I saw her twitter thread referencing it from a few days earlier.
She also mentioned that the data she had was encrypted, and wanted to get it off her server. Given that statement, I don't think she had the tools to crack the encryption (and if CapOne was smart, they hashed / salted the data).
She had a small IT business of her own in the Seattle area.
Looks like she'll be going to prison for a few years.

No, I don't have concrete evidence that this is 'no worries'... just from the info I can see, she doesn't look like a serious hacker / able to exploit the data.

While I don't give companies a lot of slack for data breaches (almost always avoidable, and inexcusable, if good practices are followed, but that's another thread), I will give Capital One credit for getting out in front of this early, and publicly, within days of it occurring.


As an aside, but related - There's now a site to go to for the Equifax data breach to file claim for reimbursement, if you were affected by their breach a couple of years ago (150 million ppl, and they sat on the knowledge for many months before disclosing it.)

$125 base payment (or 10yrs of credit monitoring, if you don't already have it), and you can *also* file for $25/hr for up to 20hrs of expenses (up to 10hrs doesn't require documentation; only your description of what you did and how long it took).

Website below (it's legit; I filed my claim a couple of days ago, as I was impacted (and thankfully, nothing adverse has happened. I have credit freezes active with all three reporting agencies, and I get weekly reports on my credit records.))

I've read that the 'anticipated' amount of respondents is about 281K (of 150 million? WTF?), so put your claim in quickly if you want reimbursement (which will be awarded a few months from now.)

 

Forum Statistics

Threads
23,273
Posts
637,484
Members
18,472
Latest member
MissCrutcher

Members Online