Capital One
Another calamitous security failure, this time at US finance giant, Capital One, which failed to secure the personal details of 106 million of its customers. An IT worker has been charged with the theft, though the arrest hardly required an in-depth investigation since the stolen data was posted on a Github account belonging to the accused. The information was stolen from Amazon's AWS cloud storage solution and, as Brian Krebs reports, Capital One may not have been the only major company affected by the breach, which appears to have taken advantage of a known issue described as far back as 2015. The chargesheet says the TOR network was used to access Amazon's servers, something that should have rung loud alarm bells. Unlike many other companies, Capital One reacted relatively quickly to the breach, though it hasn't explained why 14-year old credit card applications were among the stolen data.