Lawsuits Pile Up For Cap One, Amazon Post Hack

Capital One and Amazon Web Services are being sued by customers due to the massive hack that impacted more than 106 million people, GeekWire reported.

Software engineer Paige Thompson, 33, allegedly boasted about the hack and left crumbs for investigators to follow. She formerly worked for Amazon Web Services, which hosted the Capital One database that was breached.

The hack has led to multiple lawsuits against Capital One. A similar one filed last week in California also included GitHub, which plaintiffs argued did not monitor and respond to hacked data on its website.

The newest lawsuit, which was filed this week in federal court in Seattle, also includes Amazon as a defendant. It argues that the company knew about the vulnerability exploited by Thompson and “did nothing to fix it,” and also violated Washington state’s Consumer Protection Act and Data Breach Disclosure Law.

“The single-line command that exposes AWS credentials on any EC2 system is known by AWS and is in fact included in their online documentation,” according to the complaint, GeekWire reported. “It is also well known among hackers.”

The suit also alleges the companies did not disclose the breach when they learned of it. The proposed class action suit includes plaintiffs from eight states and a nonprofit in Kentucky.

But Mark Bartholomew, a cyber law professor at the University at Buffalo’s School of Law, said that Capital One’s quick response, as well as reports that Thompson didn’t take advantage of the information she took, could hinder the lawsuits.

Although critics have said Amazon hasn’t done enough after the incident, the eCommerce giant said in a statement that none of its services were the underlying cause of the break-in. And Capital One has said that “this type of vulnerability is not specific to the cloud. The elements of infrastructure involved are common to both cloud and on-premises data center environments.”


