BLOG

100 Million Customers Affected by Capital One Data Breach

Data breach in Capitol One's infrastructure

On July 29, Capital One Financial Corporation (NYSE: COF) announced that they experienced a data breach. The breach exposed personally identifiable information (PII) on Capital One’s credit card products, including application forms and customer details.

The data breach was first noticed by Capital One on July 19, nearly 4 months after the data breach occurred. The incident affected over 100 million individuals in the United States and 6 million individuals in Canada. Of these affected, 140,000 social security numbers and 80,000 linked bank account numbers were exposed in the United States and one million social insurance numbers were compromised in Canada.

Although all data were encrypted, the perpetrator managed to decrypt the data and obtain large quantities of personally identifiable information. Fortunately, Capital One had tokenized selected data fields such as social security numbers and account numbers. This means that these data were not truly exposed.

Alternatives to Digital Personal identifications

This incident brings up the question once again of “What better security methods are out there to protect customers’ data?” and are there better alternatives to identification than strings of numbers and letters. In a 2019 IDology research paper, ‘Second Annual Consumer Digital Identity Survey’, 85% of United States’ online consumers chose their social security number as their main form of personal identity. However, in the wrong hands, personally identifiable information such as social security numbers can lead to disastrous outcomes such as stolen identity and theft.

One alternative to the broken system of passwords and identity numbers is the use of biometrics. What makes biometrics better than traditional methods is that it is personal and unique to each individual. Biometric data such as facial, iris, fingerprint and voice are personalised and more secure as it isn’t knowledge-based (passwords and security questions) or possession-based (USB security code).

Auraya’s voice biometric engine ArmorVox, allow users to enrol, verify and identify their identity using their voice. With voice, users are not required to remember anything or bring anything. Since our biometric data are always a part of us, it provides a more reliable and efficient identification and authentication process. With today’s technological advancements, Auraya’s voice biometric capabilities provide features such as automated tuning process, speaker-specific thresholds and background models, active and passive enrolment and verification, continuous learning, impostor mapping, hotlists and synthetic voice detectors. These features provide a more secure solution whilst making it easy for users to enrol and verify.

NEWSLETTER

sign up to our mailing list