Capital One Cyberattack Affects 106 Million Card Holders

Capital One Cyberattack

The Capital One cyberattack is a concern for small businesses.  Capital One said that the personal information of approximately 106 million card customers and applicants had been compromised.  This is one of the largest cyberattacks on a big bank.

The customers and applicants whose information was compromised included small businesses. It was reported that the information accessed in the Capital One cyberattack involved persons or businesses that had applied for credit cards from 2005 to early 2019. It included addresses, names, dates of birth and self-reported income.

The Cost of Cyberattacks

The alleged source of the cyberattack was a former employee of Amazon Web Services Inc., who had worked at a cloud-computing company. Capital One said it is unlikely that the stolen information has been disseminated or used for fraud. The investigation is continuing, however. The incident is expected to cost approximately $100 million to $150 million. Estimates for losses to the U.S. economy in 2018 from cyberattacks were between $57 billion and $109 billion, but the real cost to a company’s reputation and intellectual property is beyond dollar estimates.

Beyond the Capital One Cyberattack

Businesses often focus their cybersecurity efforts on IT solutions. The Capital One cyberattack, much like the Equifax breach in 2017, illustrates how shortsighted this approach can be. Every business shares valuable information with the entities it does business with. Therefore, to be effective, businesses today need a management-oriented structure to assess threats, create processes to deal with them, and conduct regular reviews and audits of those processes.


ISO 27001 is such a solution. It includes all stakeholders and is flexible enough to meet the demands of a business of any size. ISO 27001 can not only protect your business from cyberattacks, it can also help your credibility with potential customers. This is because certification in an Information Security Management System (ISMS) shows your intent to protect their information as well.

In conclusion, in today’s world nobody is exempt from having their information compromised. Even Capital One, the world’s fifth largest credit card company, can be a victim of a cyberattack. Maintaining a viable ISMS like ISO 27001 ensures your business maintains a viable mitigation of this threat.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). Our team of experts brings extensive experience and deep information security process control expertise (including certifications as Exemplar Global Lead Auditor ISO/IEC 27001:2013 Lead Auditor) to ensure that you achieve ISO/IEC 27001 certification on time and on budget.

Jamie Hamilton
