Massive Data Breach at Capital One

Massive Data Breach at Capital One

It’s happened again – another massive data breach. It seems that nothing has really changed since the egregious information leaks that happened at Canva and Desjardins. We’ve reported on both and forewarned future attacks and, hey presto, another one pops up!

This attack, though, has put millions in danger.

Since the vast majority of the data that was leaked pertained to Capital One’s American consumer-base, the news has revolved around that aspect of the breach. However, approximately 6 million Canadians have been caught up in this attack – and the consequences could be serious.

On the Capital One website, it is stated that “About 140,000 Social Security numbers” and “80,000 linked bank account numbers” were leaked. Yet, this information is only relevant to the American consumer.

On the Canadian side, things are worse. Capital One claims that over 1 million Social Insurance Numbers of their Canadian credit card customers were compromised.

This cyber-crime was perpetrated by an employee – a story very similar to the one behind the Desjardins attack. In fact, as we have discussed in previous articles, employee-related cyber-crimes are the most likely to affect a business whether they are through malicious intent or simple mishaps.

With over 1 million Social Insurance Numbers compromised, Capital One has yet to provide an official estimate on the number of Canadian bank accounts that were endangered.

For Capitol One, this breach is expected to cost anywhere between $100 million and $150 million for the rest of 2019 alone, with further costs accumulating as the full extent of this breach slowly becomes apparent.

Much like the aftermath of the Desjardins hack, there is expected to be legal action taken by the victims against the financial institution – one that could end up costing Capital One hundreds of millions of dollars.

Despite being a massive corporation with elite cyber security, the hacker was able to exploit a misconfiguration in the web application firewall – an oversight on the organization’s part.

What this demonstrates is that no company is too big for a cyber-attack. The hacks at Canva, Desjardins, and Capital One make the news because of the sizes of the companies and the sheer volume of data that is breached but the reality is that the vast majority of cyber-attacks happen against smaller companies.

Ultimately, smaller organization don’t have the resources to fully encrypt and protect all of their sensitive information which allows for increased risk to cyber-attacks and a slower response time to address such attacks.

With this being the third major breach in the last couple months, it is easy to see why cyber-security is one of the most crucial aspects of any business. In the modern day, not having protection against cyber-crime is akin to not having health insurance. It is an absolute necessity.

Ultimately, this isn’t the first major data breach of the year and it surely won’t be the last. Though smaller attacks on businesses won’t be reported on the news, those attacks will increase in severity and in volume.

If you are a decision-maker for your company – or know someone who is – and are not protected against cyber-crime, contact one of our licensed brokers today at This email address is being protected from spambots. You need JavaScript enabled to view it. or call us at 905-696-9090.

We will help protect you.



Source: New York Times, Reuters.

Is The Hard Market Here To Stay?
5 Reasons Your Home Insurance Premiums Are Higher