In July 2019, the company announced one of the largest thefts of bank data in American history affecting more than 100 million credit card customers after an attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data in March and April 2019. Anyone that applied for a card with the bank between 2005 and 2019 were presumed part of the breach.
The exposed information included information on credit scores, credit card limits, balances, credit history, home addresses, Social Security numbers and bank account numbers. The company said that no credit card account numbers or log-in credentials were exposed in the incident.
In June 2022, an ex-Amazon Web Services employee was found guilty of multiple crimes in relation to this breach.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.