In July 2019, the company announced one of the largest thefts of bank data in US history affecting more than 100 million credit card customers after an attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data in March and April 2019. Anyone that applied for a card with the bank between 2005 and 2019 were presumed part of the breach.
The exposed information included information on credit scores, credit card limits, balances, credit history, home addresses, Social Security numbers and bank account numbers. The company said that no credit card account numbers or log-in credentials were exposed in the incident.
In June 2022, an ex-Amazon Web Services employee was found guilty of multiple crimes in relation to this breach and in October the same year received a sentence of time served plus five years of probation.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: