Capital One's Cloud Breach & Why Data-Centric Security Matters

Capital One’s breach of more than 100 million customer records is making headlines around the world. The sheer number of stolen records, including social security numbers, credit card applications, and...
Rachel Hunt
1 min read
Last updated September 24, 2021

Capital One’s breach of more than 100 million customer records is making headlines around the world. The sheer number of stolen records, including social security numbers, credit card applications, and more places the breach near the top of a growing list of recent mega-breaches.

Bloomberg BusinessWeek recently spoke with Varonis Field CTO Brian Vecci on the importance of data-centric security and the hefty fines hitting breached companies.

Listen to the podcast.


It’s a reminder that it only takes one malicious insider to wreak havoc for years to come. In this case, the attacker exploited a vulnerability in a web application firewall, gaining access to an elevated service account that could then read/copy sensitive files and folders in a cloud data store.

Key takeaways from the podcast:

  • Breaches are commonplace and haven’t always mattered to many large institutions, but attitudes are changing with legislation like the GDPR and in California with the CCPA and companies are making data security a priority.
  • The ultimate responsibility for protecting data in the cloud lies with the companies that use cloud services. Companies must make sure the right monitoring and controls are in place.
  • Data is a company’s biggest risk: it’s growing faster than it ever has before. The collaboration and convenience of using cloud data stores mean companies have more data and more access to it by design.
  • Insiders are more sophisticated and know what they are doing, but companies are not consistently monitoring unauthorized data access.
  • Companies must measure and mitigate the risk associated with their data.
  • You need automation on your side: it is impossible to have enough people reviewing logs to solve the issue.

While organizations focus on keeping attackers out, all too often the data itself remains widely accessible and unmonitored. Do you know how your data security stacks up? Varonis provides free risk assessments to get your data security pointed in the right direction.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:


Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.


See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.


Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

COVID-19 Threat Update #1
Varonis sees the highest number of VPN and O365 events ever recorded across customer base. Click to watch our security experts discuss what they’re seeing on the front lines, and what...
The World in Data Breaches
The number of lost or stolen data records varies around the world. Using data from the Breach Level Index, we visualized where these records are concentrated based on the locations of the organizations that reported them. Take a look!
Salesforce Security Guide: Best Practices
Data breaches exposed 36 billion records in the first half of 2020. This number continues to increase as more businesses go online, with more knowledge workers working remotely in 2021….
How Varonis Helps Stop Emotet
Our incident response team is tracking an unprecedented number of Emotet malware infections. This post will cover indicators of compromise, mitigations, and how Varonis can help you detect and stop Emotet at each phase of an attack.