The New York Times, CNN, and other media outlets recently published articles reporting that a software engineer in Seattle allegedly hacked into a server and obtained the personal data of over 100 million customers at Capital One. While this is not the first time Capital One has faced a major data breach, there were two things that made this case particularly notable. First, the breach is estimated to cost the bank up to $150 million and has been said to be one of the largest bank data breaches in history. Second, and of particular interest to HR leaders: the warning signs of this data breach were available right on public social media.
The suspect was Paige Thompson, 33, a former software engineer at Amazon Web Services, which hosted the database that was breached. Using the online alias “erratic,” Thompson in many ways had the persona typical of a software engineer in Seattle. She fretted about her dating life and participated in programming chatter. However, her habit of oversharing also left a trail of digital breadcrumbs that led the FBI to her door. Thompson allegedly bragged about the breach on Twitter; shortly after the breach was discovered, she tweeted, “I have a whole list of things that will ensure my involuntary confinement from the world. I’m never coming back.”
Could Capital One have prevented this particular breach using social media data? Well, no. Thompson was not a Capital One employee, and the ‘trail of breadcrumbs’ that identified her as the suspect behind the hack was left after the breach had already occurred. But suppose Thompson were an employee at Capital One, or even Amazon. If that were the case, Amazon and Capital One could have had reams of information that painted a picture of who she was—a skilled programmer with a troubled past—and used social media to help prevent the attack.