On the heels of Equifax’s settlement with the Federal Trade Commission following its 2017 breach of over 145 million records, deemed the largest hack in US history, Capital One announced another large-scale breach exposing the financial data of over 100 million customers.
As more details of the breach have emerged, we have learned the hack was carried out by a former software engineer at Amazon Web Services, where Capital One stores its data. It’s unknown if the hacker worked with Capital One at AWS or if her knowledge of AWS aided the hack in any way, but she managed to identify and breach a misconfigured firewall on a web application. This enabled her to obtain data, including 140,000 social security numbers, 80,000 bank account numbers, one million Canadian social insurance numbers and more.
This breach is expected to cost the company up to $150 million, and it should serve as a warning to companies across industries – especially those that operate contact centres – that insider threats can be just as costly as data breaches perpetrated by outsiders.
According to Verizon’s recent 2019 Data Breach Investigations Report, insider threats are on the rise, and with the contact centre industry’s high employee turnover rates, there are so many opportunities for sensitive data to be mismanaged by negligent insiders or stolen by malicious ones. While it’s important to put trust in employees, it only takes one bad actor or disgruntled employee to carry out an insider threat. With 72 percent of contact centres accepting card payments by phone, it is imperative that companies ensure customer data is secured from these and all kinds of attacks. The risk of not doing so hurts a company’s reputation and negatively impacts a company’s revenue streams – as evidenced by a recent survey we conducted which found that 83% of US consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack.
PCI Pal’s solution can help protect against insider threats. Our cloud-based PCI security solution prevents any payment card data from being visible or audible to contact centre staff. Payments are routed directly to a secure platform where customers provide masked card details using their telephone keypad, while still maintaining contact with the customer service representative. By operating this way, the risk of insider fraud is eliminated. Contact us to learn how PCI Pal can help guard your company and customers against threats like this and more.