Unfortunately, the short answer to my headline question is, no. You cannot rely on cybersecurity experts to protect your personal financial information, as evidenced by the numerous breaches of personal information at companies employing large staffs of such experts. Marriot, Equifax, J.P. Morgan, Yahoo (twice), and now Capital One, among many others, have all fallen prey to serious breaches of their customers’ information. The Wall Street Journal reports of Capital One’s recent breach:
The cybersecurity unit—responsible for ensuring Capital One’s firewalls were properly configured and scanning the internet for evidence of a data breach—has cycled through senior leaders and staffers in recent years, according to the people. About a third of its employees left in 2018, some of the people said.
Capital One last month disclosed that a hacker accessed the personal information of about 106 million of its card customers and applicants. Before the hack was made public, employees had raised concerns about what they saw as staffing issues and other problems to the bank’s internal auditors, human-resources department and other senior executives, according to some of the people.
The quality of a cybersecurity operation is partly dependent on its ability to attract and retain top talent. The bank’s board regularly reviewed attrition rates in the cybersecurity unit, one of the people said.
A bank spokeswoman said: “Safeguarding information is essential to our mission and to our role as a financial institution. We’ve invested heavily in cybersecurity and will continue to do so.”
The bank spokeswoman said the cybersecurity unit’s total head count has risen over the past several years. “The Cyber Team is a net importer of talent within Capital One,” she said in a statement.
The hack was one of the largest in recent years, a period when a wide swath of companies including hotel chains and retailers have experienced major data breaches. Capital One’s breach was particularly surprising because it ran counter to a popular perception that the bank was ahead of the game in technology. Prosecutors have said that the hacker began attempting to access the bank’s information in March, but Capital One didn’t learn of it until it was tipped off by an outside researcher 127 days later.
So despite employing professionals with what appeared to be the best technology in the business, Capital One was breached. The unfortunate reality of cybersecurity seems to be that no one is immune and that only constant vigilance on your part will protect you from identity theft and fraud.
The first steps in protecting yourself are checking your credit reports regularly, setting up a service like LifeLock (there are others, but LifeLock works for me) to monitor your accounts, and always scrutinizing any links or attachments you receive over the internet.
Read more about protecting your identity here:
