The Capital One Cloud Misconfiguration

Capital One 2019 breach exposed 106M records after an AWS misconfiguration and SSRF exploit, costing $270M and reshaping cloud security standards.

Nov 13, 2025

∙ Paid

In July 2019, Capital One, one of the largest banks in the United States, uncovered a breach that exposed sensitive data from over 106 million people across the U.S. and Canada. The attacker didn’t use malware or ransomware. Instead, she exploited a simple cloud misconfiguration, a single firewall rule left open in the bank’s Amazon Web Services (AWS) e…

Continue reading this post for free, courtesy of 911Cyber.

Or purchase a paid subscription.