The records breach at Capital One can be the “tip of the iceberg” and will affect a range of well-known companies, basically based on security researchers.
Israeli security firm CyberInt acknowledged Vodafone, Ford, Michigan Sigh University and the Ohio Department of Transportation may perhaps well perhaps also just beget moreover fallen victim to the same recordsdata breach that noticed more than 106 million credit rating applications and recordsdata stolen from a cloud server bustle by Capital Oneby an alleged hacker, Paige Thompson, a Seattle resident, who modified into taken into FBI custody earlier this week.
It follows earlier reports from Forbes and security reporter Brian Krebs indicating that Capital One may perhaps well perhaps also just now not beget been the finest company affected, pointing to “one of the distinguished field’s excellent telecom suppliers, an Ohio authorities physique, and a foremost U.S. college,” basically based on Slack messages sent by the alleged hacker.
The linked messages had been printed in a CyberInt document printed Wednesday. “Other victims can be inferred from filenames,” acknowledged the document, including Apperian, Infoblox and Wakoopa.
The Justice Department acknowledged Thompson may perhaps well perhaps also just face extra funds — suggesting a range of companies may perhaps well perhaps also just beget been piquant.
We reached out to a couple of these named by CyberInt with blended results. Only the Ohio Department of Transportation confirmed it had recordsdata stolen, and modified into working with the FBI. “At this level, alternatively, we can bid that the tips within the referenced file contained most life like publicly readily accessible recordsdata and no non-public recordsdata modified into kept there,” acknowledged spokesperson Erica Hawkins.
Ford spokesperson Monique Brentley told TechCrunch that it’s “investigating the topic to resolve if Ford recordsdata is piquant.”
Meanwhile, Vodafone spokesperson Adam Liversage acknowledged the telecom giant modified into “now not aware” of its recordsdata stolen within the Capital One breach.
And a spokesperson for Michigan Sigh University acknowledged it receives “a entire bunch of threats and assaults on our machine” and acknowledged it modified into “annoying to know if one just recently modified into the alleged hacker from the Capital One self-discipline.”
“Our teams are having a search into nonetheless at this level we wouldn’t beget any recordsdata to allotment,” acknowledged spokesperson Emily Guerrant.
The hack of Capital One is largely the most foremost recordsdata breach this year. Files modified into stolen from an Amazon Web Companies-basically based storage bucket, which incorporated more than 140,000 Social Safety numbers and over a million Canadian Social Insurance coverage numbers, as properly as a range of personal recordsdata.
Capital One acknowledged it realized of the breach by a third-gather together who reportedly noticed the alleged hacker’s claims and boasts about the thefts.
Safety researcher John Wethington told TechCrunch that basically based on public recordsdata — including the Slack channel of which the alleged hacker modified into a member — likely a range of companies had recordsdata stolen.
“In accordance with the tips gathered from publicly readily accessible recordsdata on the alleged hackers GitHub and GitLab accounts, as properly as public recordsdata from the Slack channel, it’s sure that organizations including Ford, Vodafone and others are that you just would also believe victims of what appears to be to be a huge sensitive recordsdata hacking spree,” he acknowledged.
As of the time of writing, Thompson faces five years in penal complex and a shiny of as much as $250,000.