The Capital One data breach is one of the most extensive breaches of a U.S. financial institution. A woman is accused of accessing 100 million credit card applications and a mix of other personal data through a misconfigured firewall. A criminal complaint against Paige Thompson describes how she allegedly accessed Capital Ones systems. The complaint doesn’t address how such a well-resourced organization like Capital One left itself vulnerable to the intrusion. Large organizations have a much larger attack surface as well, with more corporate resources to monitor, expert says.”]
Source: https://www.cuinfosecurity.com/capital-one-where-did-bank-fail-on-defense-a-12858