- Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
Capital One Data Breach Affects Over 100 Million Customers
Capital One suffered a massive data breach that compromised over 100 million American customers' data, including names, Social Security numbers, addresses, and other personal information. There is a possibility that the stolen information was not disseminated or used to commit fraud. The hacker, a former employee of Amazon Web Services (the cloud hosting company that Capital One was using), gained access by exploiting a misconfigured web application firewall. The FBI is investigating whether other AWS customers, such as Michigan State University and UniCredit SpA, Italy's largest bank, were also victims.
Coast Guard Reveals Details of February Cyberattack
The Coast Guard revealed that a debilitating February cyberattack on a merchant vessel was due to a variant of the malware known as Emotet, which has been effective against government and corporate networks. Cybersecurity standards on the vessel were lax: the crew shared a single login to the ship's computers, external hard drives and memory devices were routinely plugged in without security measures, and there was no antivirus software deployed. In its notification, the Coast Guard purposefully did not name the vessel affected in the attack to encourage others to come forward. Coast Guard Captain Jason Tama warned that most commercial vessels lack sufficient cybersecurity standards, presenting major risks for an industry critical to the global economy.
Demand for Cyber Insurance Grows
The market for cyber insurance is growing rapidly, and is expected to continue growing. The direct cyber insurance premiums market grew to $2 billion last year, up 26 percent since 2015, as more businesses shift to the cloud and customers are concerned about data breaches, distributed denial-of-service attacks, and ransomware, according to a Moody's report. Despite this growing demand, some insurers are reassessing whether to offer plans to help clients recover from cyberattacks, noting that attacks are increasingly expensive and difficult to price due to the lack of sufficient data. Insurers also complain of variance in cybersecurity rules and standards across different jurisdictions.
Confusion on Blacklisted Chinese Technology
Though a ban on Chinese-made security and telecoms equipment in government networks is due to go into effect this month, IT security company Forescout found around 2,400 surveillance cameras made by the blacklisted Chinese companies Hikvision and Dahua still connected to federal networks as of July 23. Recent reports show that DoD-funded research bases and police units across the country have bought surveillance equipment from Hikvision since the ban was passed. Officials blame the presence of blacklisted technology on the ban's lack of clarity, namely confusion over whether it requires device removal or simply prohibits the purchase of new devices.
Facebook Warns Investors Cryptocurrency May Never Launch
Facebook downplayed expectations for its recently announced Libra cryptocurrency amid pushback from regulators and lawmakers in the U.S. and abroad, warning investors that Libra may not be made available in a timely manner, or possibly at all. Resistance primarily stems from concerns about consumer privacy and confusion over how to regulate the currency. In recent hearings on Capitol Hill, lawmakers questioned Facebook representatives on whether to regulate the cryptocurrency as a security, and wondered if the Libra Association, a group of companies collectively overseeing the currency, should be regulated as a bank. Though Facebook’s cryptocurrency faces major obstacles, its announcement reportedly sent officials at China’s central bank scrambling. The People's Bank of China has been looking into creating its own digital currency since 2014, and officials reaffirmed their intention to cement China's leadership in financial technology with a centralized digital currency.