Millions of Capital One (COF) customers have been affected by a data breach that the bank says happened in March when a software engineer allegedly exploited a vulnerability to access its systems (details below). The hacker may be the dumbest hacker in recent memory. She put the files in her public GitHub account, then posted on social media that she had done it.
 

There is no clever metaphor I can use here. But there are a few lessons. 1) Don't help yourself to data that belongs to someone else, unless you are a professional hacker and know what to do with it. 2) Don't put a gigantic neon sign on your secret hideaway that says, "I did it and I'm here hanging out having a beer." 3) Unless you are schooled-in-the-art, you are going to get caught. Every time. 4) Don't do it... ever.
 

Now, I shall put my Caption Obvious costume back in the closet where it belongs. To be fair, I only take it out on special occasions and it was irritable for this "stupid criminal" story.
 

There is not much you can do to protect yourself from any hack of this kind. Capital One will indemnify you and hold you harmless, and you won't have to pay for any fraudulent use of your account. But, now that you know your account may have been compromised, you should check the charges carefully every day or two and, if that's too much work, look over your monthly statements with extra scrutiny for the next few months.
 

As always, your thoughts and comments are both welcome and strongly encouraged. 

A Hacker Gained Access to 100 million Capital One Credit Card Applications and Accounts

By Rob McLean, CNN Business Updated 1246 GMT (2046 HKT) July 30, 2019

New York (CNN Business) In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers' accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.

A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

Thompson was arrested Monday in connection with the breach, the Justice Department said. Thompson's attorney could not be immediately reached for comment.

Capital One (COF) said the hack occurred March 22 and 23. The company indicated it fixed the vulnerability and said it is "unlikely that the information was used for fraud or disseminated by this individual." However, the company is still investigating.

Continue reading on CNN.