|Bid||144.53 x 1000|
|Ask||144.69 x 1300|
|Day's Range||143.89 - 145.56|
|52 Week Range||88.68 - 145.56|
|Beta (3Y Monthly)||1.43|
|PE Ratio (TTM)||N/A|
|Earnings Date||Oct 22, 2019 - Oct 28, 2019|
|Forward Dividend & Yield||1.56 (1.09%)|
|1y Target Est||141.44|
Equifax Inc. (NYSE:EFX) stock is about to trade ex-dividend in 4 days time. You can purchase shares before the 22nd of...
If you're thinking of shopping for Rite Aid (NYSE:RAD) stock on its much-hyped, package pick-up collaboration with Amazon (NASDAQ:AMZN), be prepared to buy some Tylenol or Pepto Bismol for home delivery at the same time. Let me explain.Source: Shutterstock Chipotle (NYSE:CMG), Equifax (NYSE:EFX) or Wells Fargo (NYSE:WFC) -- each brand has bounced back in recent years from high profile wrongdoings. The thing is, scandals can be sorted out and time helps in healing those past wounds. Too bad, that's not the problem with RAD stock.Rite Aid's problem is the same one many once-great brick-and-mortar shops are going through or have bowed to already. More and more buying is transacted online with those goods being dropped straight to your doorstep. And chances are, Amazon has been a key player in this bearish market dynamic, even for a storefront like RAD stock.InvestorPlace - Stock Market News, Stock Advice & Trading TipsSure, Amazon has backed away from entering the prescription business. But Amazon already sells a line of over-the-counter private-label medicines. Its Basic Care line offers a range of products from ibuprofen to allergy medicine. Amazon is also pursuing the medical community to purchase common and disposable items from rubber gloves, syringes to gauze from its Amazon Business site. And that's certainly at the expense of RAD stock.RAD stock has another big problem too. Rite Aid isn't a store known to attract foot traffic from the all-important millennial demographic. Sorry … Rite Aid just isn't "cool." And sadly, even the population Rite Aid has captured is getting older and less likely to be hopping in the car or walking to Rite Aid to pick up stockings, Certs and a prescription. * 10 Real Estate Investments to Ride Out the Current Storm But before I pronounce RAD stock as being D.O.A., could Amazon be both a villain and savior for RAD stock? There are investors who believe the new Amazon Counter pick-up option for Amazon purchases at Rite Aid stores could be a prescription for success.The bull case rests on the hypothesis that influential millennials flush with cash, who otherwise wouldn't be caught stepping foot in a Rite Aid store, will now be waiting in line by the dozens and invariably be making additional impulse purchases from Rite Aid before exiting. RAD Stock Monthly ChartOn the surface, the deal sounds kind of interesting. But don't hold your breath on RAD stock. Most Amazon packages aren't going to be dropped off at Rite Aid. And for those few packages that aren't received at one's doorstep, office or neighbor's house, consumers have a choice of where they want to pick the delivery up from. And guess what? That's probably bad news for Rite Aid's service.The fact is for those few boxes, packages and envelopes which don't go to the doorstep, there's already options for picking up merchandise. Consumers have a choice of Amazon Lockers at various convenience stores and even standalone Amazon storefronts to pick up items from. Further, with the partnership just underway and starting with 100 Rite Aid stores but promising 1,500 by year end, it's still going to be a tough proposition to get Millennials, let alone anyone else that normally wouldn't be in a Rite Aid already, into a Rite Aid store and make an actual difference in RAD stock's bottom line. * 7 Stocks the Insiders Are Buying on Sale Think about this as well, what's to stop Amazon from opening up its Counter distribution network into other retailers and hindering Rite Aid's chances even more? And finally, let's be real … given today's existing and more discreet options where communication is minimized and hassle free from checkout lines, the choices for millennials to pick up packages were already in place before Rite Aid's Amazon Counter.So, before you consider investing in Rite Aid stock, take a look at the stock chart and note that while the ginormous bottoming pattern certainly holds the allure of something special, you need to be smart. Think long and hard about today's message, the obvious, existing problems the company faces and RAD's nearly 30% in short interest as fair warning.Disclosure: Investment accounts under Christopher Tyler's management do not currently own positions in any securities mentioned in this article. The information offered is based upon Christopher Tyler's observations and strictly intended for educational purposes only; the use of which is the responsibility of the individual. For additional options-based strategies, related musings or to ask a question, you can find and follow Chris on Twitter @Options_CAT and StockTwits. More From InvestorPlace * 2 Toxic Pot Stocks You Should Avoid * 10 Real Estate Investments to Ride Out the Current Storm * 7 Marijuana Penny Stocks to Consider for Those Who Can Handle Risk * 7 Safe Dividend Stocks for Investors to Buy Right Now The post Think Amazon Will Save Rite Aid Stock? Think Again. appeared first on InvestorPlace.
Relevant, estimated data on household economics helps marketers to target the best online audiences at scale ATLANTA , Aug. 13, 2019 /PRNewswire/ -- Equifax Data-driven Marketing, the marketing data, analytics ...
Announcement of Periodic Review: Moody's announces completion of a periodic review of ratings of Equifax Inc. New York, August 12, 2019 -- Moody's Investors Service ("Moody's") has completed a periodic review of the ratings of Equifax Inc. and other ratings that are associated with the same analytical unit. The review was conducted through a portfolio review in which Moody's reassessed the appropriateness of the ratings in the context of the relevant principal methodology(ies), recent developments, and a comparison of the financial and operating profile to similarly rated peers.
ATLANTA , Aug. 9, 2019 /PRNewswire/ -- Equifax Inc. (NYSE: EFX) today announced that the Equifax Board of Directors declared a quarterly dividend of $0.39 per share, payable on September 13, 2019 , to ...
The recent data breach at Capital One didn't follow the plotline of a usual cybercrime. The data breach wasn't small--it affected 100 million customers. Very sensitive personal financial information was stolen from these customers, including Social Security numbers, linked bank account information, credit scores, credit limits, balances, payment history, and transaction history.
(Bloomberg) -- It took a $650,000 salary for Matt Comyns to entice a seasoned cybersecurity expert to join one of America’s largest companies as chief information security officer in 2012. At the time, it was among the most lucrative offers out there.This year, the company had to pay $2.5 million to fill the same role.“It’s a full-on war for cyber talent,” said Comyns, a managing partner at executive search firm Caldwell Partners who specializes in information security. “CEOs know that, so they play hardball. Everyone’s throwing money at this.”The threat of digital breaches -- and the fines, lawsuits and occasional executive resignations that sometimes follow -- has left companies scrambling to scoop up scarce security experts. The growing compensation packages and broadened responsibilities are a dramatic shift for a group of workers who once confined to obscure IT departments, little more than an afterthought to senior management.Unfilled JobsIn the 12 months ended August 2018, there were more than 300,000 unfilled cybersecurity jobs in the U.S., according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education. Globally, the shortage is estimated to exceed 1 million in coming years, studies have shown.That’s coincided with increased frequency and sophistication of digital attacks, which range from disruption of computer systems to extortion and theft of sensitive personal information.In April, JPMorgan Chase & Co. Chief Executive Officer Jamie Dimon told shareholders that cybersecurity “may very well be the biggest threat to the U.S. financial system.” His counterpart at Bank of America Corp., Brian Moynihan, said previously that the lender’s cybersecurity unit operates with an unlimited budget.Just last week, Capital One Financial Corp. disclosed that personal data of about 100 million customers had been illegally accessed by a Seattle woman, possibly one of the largest breaches affecting a U.S. bank. The firm’s shares have fallen 8.9% since the intrusion was revealed.Equifax SettlementIn late July, credit reporting firm Equifax Inc. agreed to pay up to $700 million to settle federal and state investigations into a 2017 hack that compromised sensitive information of more than 140 million people and led to the resignation of the firm’s long-time CEO Rick Smith.High-profile breaches aside, myriad U.S. companies and employees are the subject of hacker attacks each day. Industry insiders joke that there are two types of companies: Those that have been hacked, and those that haven’t yet discovered that they’ve been hacked.“If you’re not careful, you can get numb to it,” said Andrew Howard, who leads the enterprise security division of Kudelski Group.Equifax paid Jamil Farshchi $3.89 million in 2018 to take the job as chief information security officer. He joined from Home Depot, which had hired him in the wake of a 2014 breach that exposed credit-card information belonging to 56 million customers.Directly InvolvedWhile most U.S. firms don’t disclose compensation for top information-security executives, Comyns said big tech firms on the West Coast can pay as much as $6.5 million, most of it in stock. In some cases, direct reports can make around $1 million -- more than their bosses typically would have made just a few years ago.Aware of the challenges of replacing a security chief, many companies take unprecedented measures to keep them, with CEOs often getting involved in the negotiations. In one recent instance, Comyns said, a CISO who considered leaving was told to go home and write down 10 things that would change his decision. The list included a 50% increase in salary and bonus, more than doubling his long-term incentive award, a promotion and a new office. The CEO concurred, and the person stayed.Hefty raises can pale in comparison with the potential downside. The average cost of a breach for U.S. companies was about $8 million, according to a study from IBM Corp. and the Ponemon Institute. Equifax shows that the cost can be many multiples of that. This week, Marriott International Inc. reported they took a $126 million charge related to a 2018 breach of one of its reservations databases.Bigger PaychecksInsurance can cover financial expenses, but won’t help restore lost customer trust and a tarnished reputation, said James Lam, a director at E*Trade Financial Corp. who also advises companies on risk management, including cybersecurity.CEOs may be inclined to spend more because their own jobs and reputations could be on the line. Gregg Steinhafel resigned as CEO of Target Corp. in 2014 after a hacker attack that compromised 40 million credit card accounts rocked the already-struggling retailer.That episode “got everyone’s attention,” said Kudelski Group’s Howard, and led to scores of companies appointing people with cybersecurity expertise to their boards.It’s also pushed many companies to expand the responsibilities of information security staff, ensuring that their work spans the entire organization. To Comyns, that means their pay will continue to increase.“CEOs don’t know what it’s worth until it’s walking out the door,” Comyns said. “Then they stand in the door and say, ‘You’re not going anywhere.’”(Updates with Marriott breach in 15th paragraph.)To contact the reporter on this story: Anders Melin in New York at email@example.comTo contact the editors responsible for this story: Pierre Paulden at firstname.lastname@example.org, Steven CrabillFor more articles like this, please visit us at bloomberg.com©2019 Bloomberg L.P.
Another day, another hack … another reason to buy cybersecurity stocks.Source: Shutterstock I've been saying that for a few years now, and over the past three years, cybersecurity stocks have indeed roared higher. The First Trust Cybersecurity ETF (NASDAQ:CIBR) is up over 65% over the past three years. The S&P 500 is up just 38% over that same stretch.Why the huge out-performance in cybersecurity stocks? Because -- drawing back to the opening statement -- data hacks have simply kept happening … all the time … everywhere.InvestorPlace - Stock Market News, Stock Advice & Trading TipsIn 2016, personal and financial information on hundreds of millions of accounts were compromised thanks to data breaches at Adult Friend Finder, Yahoo and Uber (NYSE:UBER). In 2017, it was Equifax (NYSE:EFX) and Verizon (NASDAQ:VZ) that were hit hard by data breaches which similarly exposed information on hundreds of millions of accounts. Marriott (NASDAQ:MAR), Twitter (NYSE:TWTR), Under Armour (NYSE:UAA) and Chegg (NASDAQ:CHGG) were big hack victims in 2018. In 2019, the headline hack so far has been the Capital One (NYSE:COF) data breach, which exposed info on more than 100 million Capital One customers.As these hacks have kept happening, enterprises have increasingly doubled down on cybersecurity solutions, spending an arm and a leg on cybersecurity to make sure they protect customer info and data, which, for what it's worth, is an increasingly valuable asset in today's data economy.As such, the saying still rings true today. Another day, another hack, another reason to buy cybersecurity stocks. So long as this saying remains true, cybersecurity companies will stay in rally mode. * 10 Stocks to Buy on the Trade War Dip With that in mind, let's take a look at four cybersecurity stocks to buy to play this secular growth trend. Palo Alto Networks (PANW)Source: Shutterstock At the top of this list of cybersecurity stocks to buy, we have global cybersecurity leader, Palo Alto Networks (NASDAQ:PANW).The saying "another day, another hack, another reason to buy cybersecurity stocks" could easily be substituted for the saying "another day, another hack, another reason to buy PANW stock".Palo Alto Networks is that big, that dominant, and that good.This company has been the leader of the cybersecurity industry for a long time. It has a long track record of 20%-plus revenue growth, and actually grew revenues at a 40% compounded annual growth rate between 2014 and 2018. It has an equally long and robust track record of customer growth, going from 4,000 customers at the end of 2011, to 54,000 customers by the end of 2018.At the same time, the business model is highly attractive. It's a software business, so gross margins are sky high. Above 75% to be exact. The opex rate has dropped consistently with scale, and operating margins have climbed from 11% in 2014, to above 20% last year. Further, the business generates a lot of cash because capex is so low, with 40%-plus free cash flow margins.Going forward, Palo Alto Network reasonably projects as a 15%-plus revenue grower with favorable margin drivers. That should drive somewhere between 20% and 25% profit growth over the next few years, which puts 2025 earnings-per-share somewhere around $16. Based on a software average multiple of 25-times forward earnings, that implies a long-term price target for PANW stock of $400, substantially higher than today's price tag.All in all, then, PANW stock looks like a solid long-term investment at current levels. Okta (OKTA)Next up, we have hyper-growth cybersecurity company Okta (NASDAQ:OKTA), whose unique approach to the cybersecurity problem has gained tremendous traction over the past few years.Okta has developed what it calls the Identity Cloud, which is essentially just a cloud-based cybersecurity solution that puts individual identity at the core of the solution. In so doing, Okta's solutions enable individuals in enterprises to seamlessly and securely adopt any new software, since the security is based on the individual identity, which doesn't change from app to app.This unique approach to cybersecurity has gained tremendous traction recently. Okta has consequently posted 50%-plus revenue growth rates in each of the past several quarters, alongside 30%-plus customer growth. Much like Palo Alto Networks, Okta also employs a highly attractive software business model which runs at 70%-plus gross margins. Revenue scale has also sparked continued and significant operating leverage.All in all, Okta has all the right ingredients for huge profit growth over the next few years as sustained big revenue growth drives significant operating leverage on top of huge gross margins, creating a visible pathway toward big operating margins on big revenues one day.From this perspective, I think this company could easily be a $5 billion-plus revenue business one day, with operating margins of 30% or higher. That combination could realistically output around $10 in EPS. Based on a 25 forward multiple, that equates to a long-term price target of $250. * 7 Stocks the Insiders Are Buying on Sale To be sure, it will take a while for Okta to get there. But, the long-term upside here is nonetheless compelling. Proofpoint (PFPT)Another cybersecurity name to buy for the long haul is Proofpoint (NASDAQ:PFPT).The narrative at Proofpoint is very healthy. Proofpoint is the leader in email security. Email is the No. 1 channel through which personal hacks happen. Yet, email security spend accounts for a very small piece of the total IT security spend. This disconnect implies secular growth potential in email security spend. Most of that spend will find its way into Proofpoint. As such, Proofpoint projects as a big revenue growth company for as long as cyber and email security tailwinds remain vigorous.The numbers here corroborate the healthy growth narrative. Proofpoint has grown SaaS revenues at a 35% compounded annual growth rate from 2012 to 2019 (projected). At the time of the company's IPO in 2012, Proofpoint had just 2,400 customers, only 2% of whom subscribed to three or more products. Today, the company has 6,100 customers (nearly triple), about half of whom subscribe to three or more products. Thus, Proofpoint has shown an impressive ability to both expand its market and cross-sell its current customers.On top of all this, Proofpoint -- like many of its cybersecurity peers -- operates at sky high 75%-plus gross margins, and has a rapidly retreating opex rate that is falling steadily with increasing scale.These dynamics will persist given secular tailwinds. As such, you're looking at a ~20% revenue growth company over the next several years, with considerable margin drivers. That should produce around 25-30% profit growth, which means EPS could get to around $7 by 2025. Based on a software average 25-times forward multiple, that equates to a 2024 price target of $175, which represents substantial upside from toady's levels. Splunk (SPLK)Source: Web Summit Via FlickrLast, but not least, on this list of cybersecurity stocks to buy is Splunk (NASDAQ:SPLK).Unlike the other companies on this list, Splunk is not inherently a cybersecurity company. Splunk is a data company first. Specifically, Splunk specializes in taking machine data, and turning that data into actionable insights for enterprises. This is a huge and growing business. Data is only becoming more abundant, more important, and more useful. Splunk is enabling companies to glean the most out of all this data, and in so doing, is providing a very necessary and valuable service in today's data economy.The volume of data globally will only continue to grow over the next several years. The usefulness of that data will also only continue to grow. As such, companies will continue to spend big on services like Splunk to produce valuable insights from that data.On the cybersecurity front, Splunk is relatively new to the cybersecurity game. But, the plunge into the market makes sense. Splunk has all this data, which it can easily leverage to produce data-driven cybersecurity solutions. That's exactly what it is doing. And with great success. Splunk continues to add several customers to its security business, with the most recent notable add being Slack (NYSE:WORK).Given its multi-faceted secular growth tailwinds, Splunk has been a 25%-plus revenue growth company for the past several years. Those same tailwinds will remain in play for the foreseeable future. As such, this company reasonably projects as a 20% sales grower over the next few years. Gross margins are high (above 80%), and operating margins will continue to move meaningfully higher as big revenue growth persists. * 10 Cyclical Stocks to Buy (or Sell) Now Net net, Splunk projects as 25-30% profit grower over the next few years. That profit growth trajectory makes $8 in EPS seem doable by 2025. Based on a 25-forward multiple, that implies a 2024 price target of $200.As of this writing, Luke Lango was long UBER, CHGG, PANW, OKTA and SPLK. More From InvestorPlace * 2 Toxic Pot Stocks You Should Avoid * 10 Cyclical Stocks to Buy (or Sell) Now * 7 Biotech ETFs That Should Remain Healthy * 7 of the Hottest AI Stocks to Buy Now The post 4 Cybersecurity Stocks to Buy for Long-Term Gains appeared first on InvestorPlace.
Data breaches through hacking attacks are distressingly common these days, and personal details about you can lead to identity theft, such as credit cards and loans in your name.
The Federal Trade Commission announced Wednesday that, due to an overwhelming response, cash payments aren’t going to be anywhere near $125 each, and urged consumers to sign up for the free credit monitoring offered as an alternative.
After two years of litigation and negotiation with federal regulatory agencies, Equifax (NYSE:EFX) has finally announced a resolution to the massive 2017 data breach. A dominant player in the global credit monitoring market, EFX will set aside some $700 million in a restitution fund to reimburse consumers whose personal data was compromised. This settlement follows similar announcements about massive data governance problems hitting the share prices of Facebook (NASDAQ:FB) and Capital One (NYSE:COF).Source: Shutterstock Over half of the record $700 million settlement that will be set aside by EFX will be paid to some 150 million consumers whose personal data was exposed -- as long as they submit the proper documentation. EFX CEO Optimistic"The announcement was a real milestone and pivot for Equifax, which allows us to fully focus on operations driving growth in our EFX 2020 technology and data security transformation", according to Mark W. Begor, Equifax CEO. "The comprehensive resolution we announced is comprised of multiple related settlement agreements with the consumer class action plaintiffs in the Federal Multi District proceedings, the attorney generals of 48 states, Puerto Rico and the District of Columbia, the Federal Trade Commission, the Consumer Financial Protection Bureau and the New York State Department of Financial Services."InvestorPlace - Stock Market News, Stock Advice & Trading TipsClosing recently at $141.40 and just off the 52-week high of $144, many analysts think EFX stock is overvalued and should be sold. In fact, most consensus estimates put the one-year estimated share price at the $141 level, making EFX stock perhaps a target for a short sell. * 10 Generation Z Stocks to Buy Long Yet, contrary to the gloom and doom in the media, the financials for Equifax stock are strong.In the recent earnings call on July 25, EFX reported top-line earnings that declined 10.3% on a year-over-year basis. However, they delivered solid second-quarter 2019 results beating consensus estimates.Adjusted earnings of $1.40 per share beat the consensus guided range of $1.32 to $1.37 level by 4 cents. EFX revenues of $880 million outpaced the consensus estimate by $8.2 million and improved 0.4% YOY. The reported $880 million came in at the higher end of the guided range of $865 million-$880 million.By now, all the bad news about EFX stock is already baked into the price.While the firm remains cautious in its outlook, there are solid indicators that not only is the worst news in the past, but there are clear drivers of growth on the horizon.For the past three quarters, revenues from EFX's United States Information Solutions (USIS), their biggest operating unit, has consistently beat estimates. E-commerce generated revenues for USIS are exceptionally strong. This is not surprising given the Digital-First strategy of EFX management.And Equifax is well ahead of the curve investing across digital transformation initiatives and cloud migration. This infrastructure spend will eventually pay off in terms of aggressively cutting costs, increasing productivity and bolstering cybersecurity. Partnering with Alphabet (NASDAQ:GOOG, NASDAQ:GOOGL), EFX is completing the process of fully migrating critical data exchanges to Google Cloud Services. The Future for EFX Stock Looks SolidCombined with solid growth in the U.S. home mortgage originations -- all requiring credit bureau services -- as well as ongoing investments into fintech and an improving picture in Europe, Equifax's margin performance should see gains through the year. More importantly, EFX is investing heavily on productivity enhancement, e-commerce and cost cutting, in a high growth market with high barriers to entry.By comparison, FB, GOOG and Microsoft (NASDAQ:MSFT) have all, in the past, been hit with similar bad news and financial settlements due to data governance problems … and their stock prices all have bounced back nicely.Similarly, with a week of bad headlines well behind it, Equifax stock may present an opportunity to buy on the dips.As of this writing, Theodore Kim did not hold a position in any of the aforementioned securities. More From InvestorPlace * 2 Toxic Pot Stocks You Should Avoid * 8 of the Most Shorted Stocks in the Markets Right Now * 7 Charts That Should Concern Marijuana Stock Investors * 8 Monthly Dividend Stocks to Buy for Consistent Income The post With the Bad News Behind Equifax, EFX Stock Is Becoming a Buy Again appeared first on InvestorPlace.
Some students have paid interior designers $2,000 to create dorm rooms with color-coordinated rugs and ottomans. The IRS has nixed a state-led plan to provide a ‘work around’ for SALT deduction limits. After Equifax settlement, should you opt for free credit monitoring or $125?
Millions of people have been signing up to receive what they think is a $125cash reimbursement from Equifax for its criminal mishandling and exposure oftheir personal and financial data
Capital One’s (COF) data breach of 100 million credit card applications and accounts could become very costly for the company. “This damage to Capital One is probably going to exceed $200 to $300 million dollars by the time it’s all said and done,” said cybersecurity expert Morgan Wright on Yahoo Finance’s The Ticker. Wright is a senior fellow at the Center for Digital Government.
Capital One was hit with a lawsuit on Tuesday accusing it of serious “security failures,” less than 24 hours after it disclosed a hack that exposed the personal data of 100 million people in the U.S. and 6 million more in Canada.
(Bloomberg) -- Capital One Financial Corp., in recent years, has beat the drum every chance it got: The cloud is cheaper. The cloud is faster. And the cloud is far more secure.Then a hacker got into the cloud, siphoning off sensitive information for more than 100 million of Capital One’s customers.That revelation late Monday thrust the third-largest U.S. credit-card lender into the center of the latest massive data breach, and now threatens to upend a technology strategy personally championed by longtime Chief Executive Officer Richard Fairbank. He’s been one of the financial industry’s most vocal proponents for shifting sensitive customer information to outside cloud services -- a move that he’s promised would cut costs and offer a suite of other benefits.“We are now considered one of the most cloud-forward companies in the world,” Fairbank told shareholders in April.Just weeks before, according to U.S. prosecutors, a hacker began tapping into a vast trove of information from Amazon.com Inc. servers the bank was using. The breach is calling into question the lender’s strategy for reducing technology costs while taking advantage of the cloud’s rapid scalability and burgeoning array of applications.“The magnitude of this breach is very large,” JPMorgan Chase & Co. analysts led by Richard Shane said in a note to clients. “While it is unclear whether this is directly related to Capital One’s transition to a cloud-based infrastructure,” there is likely to be “renewed concern going forward.”Capital One’s shares dropped as much as 7.9% Tuesday morning, their biggest intraday decline in almost four years. The slump pared the stock’s advance for the year to 19%, just above the gain for the 68-company S&P 500 Financials Index.Addresses, IncomeCapital One said that about 100 million U.S. consumers were impacted by the breach. The stolen data, stored on servers rented from Amazon Web Services, was personal information found on card applications, such as names, addresses and dates of birth, and some financial information, including self-reported income and credit scores.On Monday, authorities arrested and charged Paige A. Thompson, a 33-year-old former Amazon Web Services employee, with computer fraud and abuse. In a complaint filed in Seattle, prosecutors said that Thompson exploited an improperly configured firewall and accessed the data at various times between March 12 and July 17. The bank said it immediately fixed the problem once it was discovered.Capital One said its expects the incremental costs of the incident to be $100 million to $150 million, mostly expenses tied to providing credit monitoring and legal support. The company has a cyber-risk insurance policy with a $10 million deductible for $400 million in coverage.“This type of vulnerability is not specific to the cloud,” Capital One said in a statement. “The speed with which we were able to diagnose and fix this vulnerability, and determine its impact, was enabled by our cloud operating model.”Cloud PushWhile banks including JPMorgan and Discover Financial Services have been vocal proponents of cloud technology and its ability to lower costs and speed up digital advancements, industry executives have cautioned that sensitive consumer data could be put at risk on the cloud. Bank of America Corp., the second-largest U.S. bank, has been reticent to use the public cloud.Amazon Web Services is making an aggressive push for growth in the financial industry and is already working with firms including HSBC Holdings Plc, Fidelity Investments, Nasdaq Inc. and Liberty Mutual Group Inc.“We’re all in on the cloud right now,” Steve Randich, chief information officer at the Financial Industry Regulatory Authority, the U.S. brokerage industry’s main regulator, said at a conference hosted by Amazon Web Services earlier this month at New York’s Javits Center. Virtually all of the regulator’s applications and data are in the public cloud, and its net costs have decreased as a result, he said.Over the years, Capital One has become something of a poster child for Amazon’s push into financial services for its cloud business. The lender was among the first to publicly acknowledge a partnership with Amazon, and it was the subject of several case studies that Amazon published on how its technology can improve banks’ offerings.“Capital One selected AWS for its security model,” according to an Amazon Web Services website. “It is using or experimenting with nearly every AWS service to develop, test, build and run its most critical workloads, including its new flagship mobile-banking application.”Capital One is often considered a leader in banking technology, a history that goes back to its founding by Fairbank in 1988. In recent years, the company has undergone what it calls a “technology transformation” in which it hired thousands of engineers and developed its application programming interface, or API, to share data more easily.“A lot of how we built our company is not by studying banking, but by forgetting about banking,” Fairbank told investors at a conference last month. The goal is to have a “bank that is empowering your life without having to go visit it every time.”Fairbank himself has been a critic of other companies’ data breaches. He warned investors in 2017 that a breach of Equifax Inc.’s systems that exposed data for more than 140 million consumers would be costly for his firm.“These are bad things for card companies because, every time there’s been a breach, I’ve said to our folks, ‘How come card companies end up paying for this and why not the one who did the breach?’” Fairbank said at the time.\--With assistance from Christian Berthelsen.To contact the reporters on this story: Jenny Surane in New York at email@example.com;Lananh Nguyen in New York at firstname.lastname@example.orgTo contact the editors responsible for this story: Michael J. Moore at email@example.com, Daniel Taub, David ScheerFor more articles like this, please visit us at bloomberg.com©2019 Bloomberg L.P.
The Federal Trade Commission on Tuesday cautioned consumers about websites masquerading as an official Equifax website. The FTC and Equifax unveiled a $700 million settlement last week for the company’s 2017 data breach accessing personal information of 147 million consumers. It said it would notify customers affected by the hack through a “variety of channels” and offered free credit monitoring for two years.
(Bloomberg) -- Capital One Financial Corp. set up an email address for tipsters -- including “white hat” hackers -- to alert the company to potential vulnerabilities in its computer systems. On July 17, the company got a hit.“Hello there,” the email said, according to federal prosecutors. “There appears to be some leaked s3 data of yours in someone’s github/gist.” A link was provided to an account at GitHub, a company that allows users to manage and store project revisions, mostly related to software development.It didn’t take Capital One long to figure out who had accessed its files. The GitHub address included a name, Paige Thompson, a former Amazon.com Inc. employee who used the online nickname “erratic” and discussed her exploits with others, according to federal prosecutors.“I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it,” Thompson allegedly wrote, under the “erratic“ alias, in a June 18 Twitter message. “There ssns...with full name and dob” -- an apparent reference to Social Security numbers.Damage AssessmentIt also didn’t take Capital One much time to assess the damage. On Monday, it announced that about 100 million people in the U.S. had been impacted by the breach, and another 6 million in Canada. The illegally accessed data, which was stored on servers rented from Amazon Web Services, was primarily related to credit card applications and included personal information, like names, addresses and dates of birth, and some financial information, including self-reported income and credit scores.Most Social Security numbers were protected, but about 140,000 were compromised, the bank said. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual.”The company described the tipster to the hack as an “external security researcher.”Thompson, 33, was charged with computer fraud and abuse. In a court hearing Monday, she broke down and laid her head on the defense table. On Tuesday, New York Attorney General Letitia James announced that her office is opening an investigation into the Capital One breach.The scale of the breach ranks it as possibly one of the largest-ever impacting a U.S. bank, although the consequences may be limited if the data wasn’t distributed to others or used for fraud.Capital One shares fell as much as 6.5% Tuesday morning, their biggest decline in six months.Security LapsesThe breach shows how hackers can steal vast troves of consumer data as the result of lapses made by the companies that collect it. In 2017, Equifax Inc. failed to patch a known flaw in its servers, resulting in the theft of 145 million Social Security numbers, along with the names and dates of birth of possibly a third of the U.S. population.In the Capital One case, Thompson was allegedly able to steal vast buckets of personal data because of an improperly configured firewall -- among the most basic digital security tools. The bank said it immediately fixed the problem once it was discovered.In a complaint filed Monday in Seattle, prosecutors said that Thompson accessed the data at various times between March 12 and July 17. A file on her GitHub account, timestamped April 21, contained a list of more than 700 folders and buckets of data, according to prosecutors.The Capital One data had been stored on servers it contracted from a cloud computing company that isn’t identified, though the charges against Thompson refer to information stored on S3, a reference to Amazon Web Services’ popular data storage software.An AWS spokesman confirmed that the company’s cloud had stored the Capital One data that was allegedly stolen, and said it wasn’t accessed through a breach or vulnerability in its systems.Cloud AdvocateCapital One has been one of the most vocal advocates for using cloud services among banks. The lender has said it is migrating an increasing percentage of its applications and data to the cloud and plans to completely exit its data centers by the end of 2020. The move will help lower costs, the company has said.The lender has been the subject of several case studies published by Amazon Web Services that noted the cloud services provider has helped the company develop new technologies faster and improve certain services including its call center.“We have embraced the public cloud and are well on our way to migrating our applications and data to the cloud,” Chief Executive Officer Richard Fairbank told analysts on a conference call in April. “We are now considered one of the most cloud forward companies in the world.”Thompson, previously an Amazon Web Services employee, last worked at Amazon in 2016, a spokesman said. The breach described by Capital One didn’t require insider knowledge, he said.‘Wa Wa Wa’Much of what could be learned about her Monday was information she had posted online. On her GitHub Account, she was writing code dealing with The Onion Router, or Tor, an anonymity tool that allows users to conceal their identities. Capital One investigators determined that Thompson used it in her hack of the bank, according to federal prosecutors.In online interactions, Thompson suggested she was careful to hide her digital tracks with various security tools, including Tor. But the federal complaint against her outlines relatively simple ways Capital One and the FBI were able to establish her identity, including the name on her GitHub Page.Thompson was active in the hacking community on Twitter, and she wrote recently about struggling emotionally, and about euthanizing her beloved cat.On June 27, “erratic” posted about several companies, including Capital One, in an online group, according to court records.“don’t go to jail plz,” another user wrote.“Wa wa wa wa, wa wa wa wa wa wa wawaaaaaaaaaaaa,” Thompson responded, and later added, “I just don’t want it around though. I gotta find somewhere to store it.”On July 29, Federal Bureau of Investigation agents executed a warrant to search Thompson’s residence. In one bedroom, they found digital devices with files that referenced Capital One and its cloud computing company. The devices also included the alias “erratic.”(Updates with New York attorney general investigation in eighth paragraph.)\--With assistance from Matt Day and Michael Riley.To contact the reporters on this story: Christian Berthelsen in New York at firstname.lastname@example.org;William Turton in New York at email@example.com;Jenny Surane in New York at firstname.lastname@example.orgTo contact the editors responsible for this story: Andrew Martin at email@example.com, Peter ElstromFor more articles like this, please visit us at bloomberg.com©2019 Bloomberg L.P.
StockX, the e-commerce site known for selling clothes and sneakers confirmed that it experience a massive data breach, in total 6.8 million customers were impacted. Yahoo Finance's Reggie Wade joins YFi AM to discuss.
Remember the $125 you may get from Equifax following its settlement worth up to $700 million? The FTC is now advising people to choose the free credit monitoring instead because too many people wanted cash, meaning the payout will be nowhere near $125. Yahoo Finance's Zack Guzman and Kristin Myers and Harness Wealth's David Snider talking about the 2017 Equifax breach that left 147 million people compromised.
The Federal Trade Commission says the victims of Equifax's 2017 data breach likely won't be getting the $125 originally promised from the settlement. Yahoo Finance's Sibile Marcellus explains why the victims could be expecting much less.