Major U.S. Credit Card Issuer Hacked
It seems the data breaches will never end. Earlier this month, the worldwide bank holding company Capital One identified a hack to their system, reporting a breach of over 100 million credit applications that were submitted between 2005 and early 2019. According to AP News, the breach affected a total of six million Canadians and 100 million Americans.
The hacker, identified as Paige A. Thompson, obtained the personal data through a misconfigured web application firewall, as reported by Reuters. According to CNet, it is believed that Thompson accessed this server from March 12th through July 19th, which is when Capital One was made aware of the attack. The data included personal information such as credit scores, self-reported incomes, fragments of transaction information and the social security numbers of about 140,000 customers.
Reuters reports that Thompson posted about her actions on GitHub in April, an online coding platform, as well as on Twitter and in Slack discussions. Authorities were able to track Thompson through the digital address of the page she posted on the platforms. She appeared at the U.S. District Court on Monday, where she was charged with computer fraud and abuse. She faces up to five years in prison and a $250,000 USD fine, as reported by CNet.
Capital One is offering free credit monitoring and identity protection to their affected customers, and expects that this attack will cost them between $100 million and $150 million USD, according to the Wall Street Journal. The bank’s shares are down nearly seven percent as a result, according to Reuters. This comes after Equifax agreed to pay a hefty sum to settle lawsuits over their 2017 data breach.
Beware and Update
In recent months, a Google security team known as Project Zero has discovered six flaws in Apple’s iMessage software that make it susceptible to hackers. One of these flaws was due to a Springboard vulnerability, where devices that received a malicious iMessage attack from a hacker could see their device “brick,” or repeatedly crash and re-spawn. This would cause the phone to stop responding, and requires the device to be fully wiped in order to be functional again, according to the BBC. Additional “interaction-less” vulnerabilities made it possible for files to be copied off the infected device without the device owner’s assistance whatsoever.
As a result, five of the issues discovered by Project Zero were disclosed and patched up with Apple’s most recent iOS 12.4 update last week, as reported by The Verge. However, the iOS 12.4 update does not rectify a sixth issue identified by Project Zero, where a hacker can attack a device via a maliciously coded iMessage. All the user must do is open the message for the code to execute and infect the device.
Details about this vulnerability have not been released to the public as a result of Project Zero’s policy, which is to allow Apple 90 days to issue an update that will fix the discovered bug. According to Forbes, the information is disclosed to the public after that 90-day period. Apple recommends frequently updating your device to ensure it is as protected as possible from malicious attacks.
Sprint and T-Mobile Join Forces
The United States’ third and fourth-largest wireless carriers, Sprint and T-Mobile, officially merged after obtaining the necessary government approval to ensure monopoly prevention. Reuters reports on the statement of the U.S. Justice Department, stating that this deal would “improve competition and the roll-out of faster 5G networks by combining weaker players.”
This refers to a main condition of the deal – Sprint is required to unload their prepaid businesses like Boost Mobile to the satellite television firm Dish Network Corp. The Justice Department revealed that this divestment would create a strong fourth U.S. wireless carrier in Dish Network Corp. The other two major carriers are Verizon Communications Inc. and AT&T.
The Wall Street Journal reports that further conditions required of the merger by the U.S. Federal Communications Commission included the companies’ agreement to expand wireless broadband access and to refrain from increasing their prices for three years.
The merger is experiencing some criticism, however. A group of attorney generals of several U.S. states brought an antitrust suit to court to block the deal before the Justice Department and FCC made their decision to approve or deny it. This is putting the addition of Dish as a wireless carrier on hold. The lawsuit is expected to continue through to trial.
If you enjoyed this post, check out more of our This Week in Tech News articles:
- This Week in Tech News: Privacy Please
- This Week in Tech News: Money Talks
- This Week in Tech News: Permission Not Required