Unsecured third-party access leads to 2018 Capital One data breach

February 28, 2018 // Tori Taylor

Last Updated: July 29, 2022

It’s not if a third party will be responsible for a network breach… it’s when

In 2018, Capital One suffered a data breach that compromised 50GB worth of sensitive data. The incident was discovered by researchers from the security firm UpGuard. An analysis of the breach showed that a third-party vendor was at fault.

Birst, a business analytics vendor, mishandled Capital One files, exposing the bank to malicious actors and a potentially expansive security breach.

This incident is yet another clear example of why vendor access management is such a critical part of network security. In a blog post detailing the breach discovery timeline, UpGuard outlines the failure of this third-party vendor to follow its own protocol.

The article states that Birst’s typical security standards would have prevented the leak, “…by entirely cutting the on-premise Birst cloud environment off from access to the wider internet, security misconfigurations resulting in the exposure of critical information would not be possible.” However, the UpGuard researchers went on to highlight that Birst technicians simply copied Capital One’s data to an Amazon S3 bucket with no security – not even password protection.

Both Capital One and UpGuard have reported that no customer data was included in the breach; however, the compromised files contained highly sensitive information that put Capital One’s network at significant risk.

While third-party service and technology providers need access to remotely support their customers, that activity must always be heavily monitored and controlled. Vendors are becoming more aware of their own liability when handling customer data. However, an enterprise’s trust in a third-party vendor should never be a factor in managing secure network and data access. In this case, Birst didn’t utilize its own security procedures.

63% of breaches involve a third-party component. It’s important that an enterprise understand how to properly manage vendor access and ensure their network is protected and the company is compliant with increasingly stringent regulations.

SecureLink was specifically designed to address secure connections between enterprise companies and their technology providers. For more information on secure solutions for third-party remote support, read our 2018 Cybersecurity Predictions for Enterprises.


About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise Access has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink Customer Connect is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.
