The Capital One Data Breach a Year Later: A Look at What Went Wrong and Practical Guidance to Avoid a Breach of Your Own


The one year anniversary of Capital One’s data breach is rapidly approaching. Therefore, I thought it was a good time to review the lessons we can take from the breach in order to prevent it from happening in the future. 

Information about the breach and the person responsible is abundant and has been beaten into the ground in its entirety by countless blog posts and news articles, so rather than having that discussion again, let’s dive into what happened from a technical standpoint. As a general note, some of the pieces here are extrapolations and assumptions I pulled from the indictmentbut I tried to pick the most likely scenarios of what happened. 

What happened:

Read more…