Skip to main content

Listen, you woke up one morning and realized that you'd been doing a very inadequate job of protecting your customer data and now you're all over the news for getting pwned by a hacker to the tune of millions of data breaches. It happens to a lot of banks, Capital One, you just need to take a deep breath and properly handle the fallout.

First things first, keep your customers calm:

Capital One Financial Corporation announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.

That's a strong start. Play down the whole thing, let everyone catch their breath...

Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.

Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.

Now you're cooking with gas! This hacker doesn't have account numbers or logins and "Like, only 1% of you should even care" is a very strong message. Basically, this hack ain't shit!

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.

Oh, that's...not great...

Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:

• Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information

• Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

Wait, holy shit, Capital One, that's bad. At least it's only 1%. What's that, like a couple hundred accounts?

No bank account numbers or Social Security numbers were compromised, other than:

• About 140,000 Social Security numbers of our credit card customers

• About 80,000 linked bank account numbers of our secured credit card customers

Umm, this isn't working, Capital One. 


Screen Shot 2019-08-13 at 2.43.23 PM

Goldman Sachs Is Doing Apple's Innovation For It These Days

DJ D-Sol is sampling Angelo Mozilo on Goldman's Apple Card plans.

Image adapted from Flickr User Aranami.

Wells Fargo Tries Playing Dead, Market Very Easily Convinced

The stagecoach stopped rolling online and everyone beat it like a dead horse (we lost this metaphor).


We Ranked Wall Street Banks...By How Much The People Working There Enjoy Working There

Jamie's people are relatively happy while Wells Fargo's at Wells Fargo.


Citi Reports That It’s Still Way Too Big To Worry About A Massive Trading Loss

Mike Corbat: “I got creamed by that December volatility…come at me, bro.”

Getty Images

UBS Announces That The Q1 '19 Investment Banking Environment Was UBS-Levels Of Sucky

CEO Sergio Ermotti warns everyone that European banks might report numbers troublingly close to his bank's normal ones.

Image adapted from Flickr User Aranami.

Wells Fargo Selects Charles Scharf To Make History As The First Female CEO Of Major US Bank

Say what you will, but leaving BNY Mellon to run Wells Fargo proves that Charlie Scharf is definitely not a venal careerist.