The Washington Post - 31.07.2019

A14 EZ RE THE WASHINGTON POST.WEDNESDAY, JULY 31 , 2019

Economy & Business

ECONOMY

Consumer spending,

incomes up in June

Consumer spending rose a
healthy 0.3 percent in June,
slightly below the strong gains of
the past three months, while
incomes turned in a solid
0.4 percent gain for the fourth
straight month.
The Commerce Department
said Tuesday that the spending
increase followed strong gains of
1 percent in March, 0.6 percent in
April and 0.5 percent in May
following a lackluster start to the
year.
An inflation gauge favored by
the Federal Reserve showed prices
rising 1.4 percent over the past
year, well below the Fed’s 2 percent
inflation target.
The overall economy slowed to

a growth rate of 2.1 percent in the April-June quarter, from 3.1 percent in the first quarter, as the trade deficit widened and businesses cut back on capital investment. Consumer spending grew at an annual rate of 4.3 percent in the second quarter after a disappointingly weak 1.1 percent gain in the first quarter. — Associated Press

TECHNOLOGY

China helped Apple’s earnings beat targets

Apple’s quarterly profit and revenue beat Wall Street targets Tuesday, and its forecast for fourth-quarter sales topped expectations, as well, with chief executive Tim Cook telling Reuters that “marked improvement in

greater China” drove the results. Services revenue in the fiscal third quarter rose 12.6 percent to $11.46 billion, a record, but missed expectations of $11.73 billion, according to IBES data from Refinitiv. IPhone sales fell 12 percent to $25.99 billion, about in line with expectations of $25.96 billion, according to Refinitiv data. Apple shares were up 3.5 percent to $216.10 in after- hours trading after the news. Cook told Reuters that results for mainland China, a subset of Apple’s greater China region, were positive. Apple said it expects revenue for the current fiscal fourth quarter of $61 billion to $64 billion, compared with analyst estimates of $61.02 billion. — Reuters

ALSO IN BUSINESS U.S. home prices rose at a slower pace in May, a sign that many would-be buyers are finding properties unaffordable. The S&P CoreLogic Case-Shiller 20-city home price index increased 2.4 percent in May from a year earlier. That marked a slight deceleration from the 2.5 percent year-over-year gain in April. The sluggish price growth stems largely from the most expensive markets, where years of price growth have undermined affordability.

DirecTV Now customers received notices Tuesday saying the name of that service has been changed to AT&T TV Now. The move comes as AT&T tests a separate live television service with fewer channels called AT&T TV. That

version, which requires high- speed Internet access, is being tested in some markets this summer before a wider rollout. It will contain live channels, a trove of on-demand program options and access to popular apps such as Netflix. At least for now, AT&T is retaining the DirecTV brand for the pioneering satellite TV service. Five major retailers were targeted in lawsuits filed in Los Angeles federal court Tuesday by the University of California over what it called the “existential threat” posed by foreign manufacturers that are accused of infringing schools’ patents. Amazon, Walmart, Target, Ikea and Bed Bath & Beyond were accused of infringing four of the university’s patents related to “filament” LED lightbulbs, which use less energy and last longer than traditional lightbulbs.

(Amazon chief executive Jeff Bezos owns The Washington Post.) The university also asked the U.S. International Trade Commission to open a probe into the retailers’ conduct related to the importing of lightbulbs. Procter & Gamble on Tuesday reported a fiscal fourth-quarter loss of $5.24 billion, after reporting a profit in the same period a year earlier. The Cincinnati-based company said it had a loss of $2. per share. Earnings, adjusted for asset impairment costs and restructuring costs, came to $1. per share. The results surpassed Wall Street expectations. The average estimate of nine analysts surveyed by Zacks Investment Research was for earnings of $1. per share. The consumer products maker posted revenue of $17.09 billion in the period. — From news reports

DIGEST

BY HANNAH KNOWLES

Weeks before she was arrested, Paige Thompson was getting ready to euthanize her cat. The 33-year-old Seattle programmer was pained like any loving pet owner, tweeting that her cat Millie’s health would “only get worse” and that she “just can’t see her go through this misery anymore.” Her next tweet took a darker turn. Thompson wrote that she planned to check into a mental hospital after her ordeal with Millie was over. “I have a whole list of things that will ensure my involuntary confinement from the world,” she wrote July 5. “The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.” On Monday, Thompson was accused in one of the largest data breaches to strike a financial services company. A criminal complaint, which cited Thomp- son’s Twitter account, says the software developer stole 100 million credit card applications from Capital One, exposing 140,000 Social Security numbers and 80,000 bank account numbers in the latest testament to the vulnerability of personal data online. Thompson’s tweets — sometimes typo-riddled, sometimes profane, often in all lowercase letters — came from an account under a stylized version of “Er- ratic,” the alias linking her vari- ous online profiles. Authorities traced Thompson from the mes- saging platform Slack to her accounts in places such as Twit- ter and the code-sharing website GitHub, where authorities say she posted the stolen data for all to see under her real name and email address. Many of Thompson’s online footprints are gone now, leaving only broken URLs. Her LinkedIn page says “Profile not found.” The personal website listed on her résumé was taken down. The programming group she once ran on Meetup.com, dubbed “Se- attle Warez Kiddies,” no longer exists. But other parts of the online

identity that helped the FBI build its case remain. Thompson’s Twitter posts show no inkling from the software developer that her name would soon be in the news, after Capital One disclosed the hack Monday. A day earlier, Thomp- son was retweeting her usual mix of programmer jargon (“need to write a scraper for this”), Inter- net slang (“wrekt”) and other musings. On Friday, she was still mourning her cat. She tweeted that she couldn’t wash something because Millie had been euthanized on it. One of Erratic’s posts from the day before the Capital One hacking news broke simply said, “sigh.” But privately, Thompson ac- knowledged the risks of what she was doing with Capital One data, according to court documents. “Ive basically strapped myself with a bomb vest... dropping capitol ones dox and admitting it,” she wrote in a direct message to another Twitter user captured in images included in the criminal complaint. Others Thompson interacted with online noted the danger of her alleged hacking exploits, too. “don’t go to jail plz,” someone on Slack told Thompson after she described the sensitive files she had, court documents state. But Thompson said she wanted the files off her server. “I gotta find somewhere to store it,” she wrote. Savvy by her own account in a litany of programming languag- es, operating systems and tools, Thompson was a systems engineer at Amazon Web Services for about a year and a half until the fall of 2016, according to a résu- mé posted online. Before working on issues such as automation and security up- dates at Amazon, the document indicates, she spent a decade in a host of other tech roles, rarely staying at the same company for more than one year. Some jobs were based in Washington; for others, she tele- commuted. (Amazon founder Jeff Bezos owns The Washington Post.) The education history on Thompson’s résumé is much sparser. For her 2005 and 2006 stint at Bellevue College in Wash- ington state, there’s just a brief bullet point: “Left to pursue a career opportunity.” [email protected]

Hacking suspect

allegedly left a trail

Court documents: Woman discussed data she is accused of stealing

BY TAYLOR TELFORD AND HANNAH DENHAM

The personal information of
more than 100 million credit card
applicants was compromised in
the Capital One hack announced
Monday, illustrating once again
just how vulnerable consumer
data can be even for the most
security-minded organizations.
The hack, one of the largest ever
against a financial services firm,
comes just days after the
credit-reporting company Equifax
reached a $700 million settlement
with U.S. regulators over the high-
profile 2017 cyberattack that ex-
posed the data of 147 million peo-
ple.
FBI agents arrested a Seattle
software engineer, Paige A.
Thompson, on accusations of com-
puter fraud. The bank says the
hack exposed 140,000 Social Secu-
rity numbers and 80,000 bank
account numbers, as well as credit
scores, balances and personal in-
formation such as addresses,

birthdays and contact information. Roughly 6 million Canadian customers also were affected, Cap- ital One said. Worried your data might have been exposed in the hack? Here’s how to make sure your accounts are secure and to safeguard yourself against future attacks.

Check your accounts for suspicious activity Capital One will notify customers affected by the breach and is offering free credit monitoring and identity protection. In the meantime, check your recent credit card statements and bank account transactions for suspicious activity. You should also check your credit report to see if any false accounts or credit cards have been opened in your name. Report any concerning activity to your bank immediately.

Freeze your credit Freezing your credit is a crucial step in identity protection, as it

ensures no one, including banks, can access your credit reports without your permission. You can freeze your credit for no cost, either online or by phone, according to Ted Rossman, a CreditCards.com analyst. “The number one thing con- sumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion,” Rossman said. “This is the best way to prevent a criminal from opening an unauthorized account in your name. Unfortu- nately, only about 1 in 4 U.S. adults have frozen their credit.” If freezing your credit is not an option, you can contact a credit bureau to set up fraud alerts, said Daniel Markuson, a digital priva- cy expert at NordVPN.

Change your passwords often Rossman said a poll by Credit- Cards.com found that more than 80 percent of adults in the United States reuse their passwords. Set- ting up two-factor authentica-

tion, a second level of logging into your personal accounts, also is a good idea, whether that is through a text message sent to your phone or an external app such as Google Authenticator.

Stay alert for possible scams Because the hack involved a great deal of personal information, it is possible it could lead to a rise in phishing scams, Markuson said “Personalized phishing messag- es are designed to look as if they are coming from a legitimate bank or other familiar organization,” he said. “Such scams are usually very effective as criminals use a piece of real information, for example, your name and address.” To protect yourself from scam- mers, do not click links from par- ties you do not trust. Also do not give out personal information over the phone, even if the person contacting you claims to represent a trusted organization. [email protected] [email protected]

How to protect your data from future attacks

DOW 27,198. DOWN 23.33, 0.1%

NASDAQ 8,273. DOWN 19.72, 0.2%

S&P 500 3,013. DOWN 7.79, 0.3%

GOLD $1,441. UP $8.50, 0.6%

CRUDE OIL $58. UP $1.18, 2.1%

10-YEAR TREASURY UP $0.60 PER $1,000, 2.06% YIELD

CURRENCIES $1=108.62 YEN, EURO=$1.

BY RACHEL SIEGEL

In 2015, Capital One’s chief in-
formation officer, Rob Alexander,
promoted the steps the bank had
taken to protect its financial data.
In his keynote address at an Ama-
zon Web Services conference, Al-
exander said Capital One had
looked to AWS to meet customer
demand, cut back on its data cen-
ters and boost security, especially
since “the financial services indus-

try attracts some of the worst cybercriminals.” Four years later, Capital One was ensnared in one of the largest- ever hacks of a big financial insti- tution. And in the end, its embrace of cloud services could not save roughly 100 million credit card applicants in the United States from their data being compromised. Federal agents in Seattle arrested Paige A. Thompson, 33, who was accused this week of breaking through a misconfigured Capital One firewall. The hole meant a hacker could reach the server where Capital One was storing its information and access customer data. Amazon told the New York

Times that its cloud had stored the Capital One data. But the bank said that “this type of vulnerability is not specific to the cloud,” noting it was able to quickly diagnose and fix the issue because of its “cloud operating model.” Amazon told the Times that it found no evi- dence that its underlying cloud services were compromised. Amazon did not respond to a request for comment Tuesday. (Amazon founder and chief executive Jeff Bezos owns The Washing- ton Post.) On Monday, the Virginia-based bank said a hacker had accessed roughly 100 million credit card applications. Federal prosecutors say the breach also included 140,000 Social Security numbers

and 80,000 bank account numbers, culled from tens of millions of credit card applications. Capital One said the data came from applications that customers and small businesses submitted from 2005 to early 2019. The bank said the hack will cost the company $100 million to $150 million in the near term. The hack comes just days after Equifax, a credit reporting company, announced it had reached a $700 million settlement with federal regulators over a 2017 cyberattack that exposed the personal information of 147 million people. Capital One has been a leading advocate in the banking world for cloud services. The company is migrating more of its applications

and data to the cloud, Bloomberg reported, and plans to be done with its data centers by the end of

Other financial companies
have been more wary of cloud
services, largely for security rea-
sons.
Cloud-hosting services such as
AWS are attractive to companies
looking to cut costs, said Jonathan
Stone, chief technology officer for
the IT consulting firm Kelser.
Building and running data centers
carries a hefty price tag, often tens
of millions of dollars. But with a
third-party service, “you can be an
expert in your business and not
necessarily have to know how all
the plumbing works,” Stone said.
That assurance did not protect
Capital One from its own firewall

issue, which federal officials say allowed the hacker to break through. Thompson was an AWS employee who last worked at Amazon in 2016, a company spokesman told Bloomberg. The spokesman said the breach Capi- tal One described did not require insider knowledge. Though the bank missed the firewall issue on its own, it moved quickly to remedy it, Stone said. But the hack also raises questions about how companies handle and store historical data, such as credit card applications going back more than a decade. “The more stuff you have laying around,” Stone said, “the more chance you have of something bad happening with it.” [email protected]

Capital One embraced cloud, but that couldn’t stop hack

AKHTAR SOOMRO/REUTERS

Shopkeepers chat Tuesday as they wait out the rain in a fabric shop at a wholesale market in Karachi, Pakistan. This was

the second day in a row that monsoon rains hit the southern port city, triggering floods and power outages.

Waiting out the storm

Hole in the bank’s own firewall led to major data breach

The Washington Post - 31.07.2019

Get our desktop app

Company

Features

Documentation

Resources