Ross Brewer, MD and VP EMEA LogRhythm commented, “Details on this case are still emerging, but this is yet another example of how lone cybercriminals can successfully infiltrate the network of large multi-national companies. What’s concerning in this case is that, if reports are correct, the company only discovered it had been breached after it had been tipped off by email. With banking firms in particular being such high value targets, it’s crucial that firms such as Capital One have tools in place that identify and mitigate anomalous activity and exploits as soon as they appear.
“Unsurprisingly, one of the key questions will be whether any European – and thus GDPR protected – customer data has been accessed. We currently know that over 100m Americans and 6m Canadians have been impacted, however, with the likes of British Airways facing a £183m GDPR fine for lax security, Capital One’s security team must be working overtime to ensure that they are able to identify additional customers outside North America. European regulatory bodies have shown they’re not as toothless as once thought, and could add Capital One to their hitlist.”