
Yathartha Shrestha'

The document discusses the Capital One data breach that occurred in July 2019, which exposed the personal and financial information of over 100 million individuals. It highlights the vulnerabilities in cloud infrastructure and the ethical responsibilities of corporations in protecting customer data. The breach raised significant social issues, including a decline in public trust in financial institutions and increased risks of identity theft.

Uploaded by

Yathartha Stha
23050342 YatharthaShrestha'.docx
Islington College,Nepal

Document Details

Submission ID: trn:oid:::3618:89656388
Submission Date: Apr 4, 2025, 9:03 PM GMT+5:45
Download Date: Apr 4, 2025, 9:11 PM GMT+5:45
File Name: 23050342 YatharthaShrestha'.docx
File Size: 14.2 KB
Length: 10 Pages, 2,136 Words, 12,208 Characters

1. Introduction

In the past decade there has been exponential growth in the number of data breaches, driven primarily by the exposure of business operations, personal information and private data over the internet. This increase in exposure can be largely credited to two factors: either the increasing connectivity of on-premises data centres to the internet or the large-scale migration of business services to cloud-based infrastructure like AWS, Google Cloud, Dropbox and many more (Shaharyar Khan, 2022). As an organization's reliance on digital infrastructure increases, so does the number of vulnerabilities that exist in its systems, leading to a high risk of cyber attacks and data breaches. The common types of cyberattacks are as follows:

Denial of service (DoS) attack

Man in the middle (MITM) attack

Whale-phishing attack

Ransomware attack

SQL injection attacks

Session hijacking

Brute Force attack

Figure 1 Capital one

Capital One Financial Corporation is a major American bank holding company, founded on 21st July 1994, which deals with loans, credit cards, commercial banking and customer banking. Its headquarters is situated in McLean, Virginia. Capital One is the ninth largest bank in the United States based on the assets it managed (Us gov, 2025). Capital One is the third largest issuer of MasterCard and Visa credit cards in the USA and one of the largest car finance companies. As of 31st December 2022, the company had over $144 billion of credit card loan receivables, $75 billion from loans and over $85 billion from commercial loans (U.S. Securities and Exchange Commission, 2022).

On 29th July 2019, Capital One suffered one of the largest cybersecurity incidents in the history of banking. This data breach involved unauthorized access to the personal and financial information of over 100 million citizens of the United States of America and over 6 million citizens of Canada. Approximately one hundred forty thousand Social Security numbers of U.S. credit card customers and about 80,000 linked bank account numbers were exposed publicly (Information on the Capital One cyber incident, 2022). Over 1 million Social Insurance Numbers of Canadians were exposed in this incident. This attack was executed by a former employee of Amazon Web Services, Paige Thompson. The attack did not include any advanced hacking techniques such as a zero-day exploit; rather, it exploited various well-known vulnerabilities, such as server-side request forgery (SSRF) and a weakness in AWS EC2 service infrastructure (Walikar, 2019).

Figure 2 Capital one cyberattacks

Paige Thompson targeted a misconfigured web application firewall (WAF) that enabled her to make a Capital One server send unauthorized requests to the AWS server. Through this attack she got access to the AWS metadata service, which allowed her to obtain temporary security credentials tied to an overprivileged Identity and Access Management (IAM) role. Using these credentials, she got access to Capital One's Amazon S3 storage bucket where sensitive customer data was stored (Villa, N.d). The data breach exposed a major security flaw in cloud financial infrastructure, drawing attention to the danger of misconfiguration and overly permissive access controls. Capital One first found out about the data breach in July 2019 when it received a tip that stolen data had been posted on GitHub. Before the company could respond, millions of sensitive personal and financial records had already been accessed, including Social Security numbers, credit card applications, and bank account details (N.d, 2019).
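One way to check a role for the over-permission described above, as an added example that is not part of the original essay. The role names, bucket name and policy documents are constructed samples, and only `Allow` statements are inspected (conditions and explicit denies are not evaluated).

```python
import fnmatch

# S3 read/list actions that expose bucket contents to whoever holds the role.
SENSITIVE_S3_ACTIONS = ["s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket"]

# Constructed policy documents; role and bucket names are hypothetical.
POLICIES = {
    "waf-instance-role": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:List*", "s3:Get*"], "Resource": "*"}]},
    "report-reader-role": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/*"}},
    "ops-role": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]},
}


def as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def matches(pattern, action):
    """IAM action matching: case-insensitive, with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_broad(resource):
    """True for "*" or an S3 ARN whose bucket name contains a wildcard."""
    if resource == "*":
        return True
    prefix = "arn:aws:s3:::"
    bucket = resource[len(prefix):].split("/", 1)[0]
    return resource.startswith(prefix) and "*" in bucket


def audit_policy(policy):
    """Return Allow statements granting sensitive S3 actions on broad resources."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed patterns
            excluded = as_list(stmt["NotAction"])
            granted = [a for a in SENSITIVE_S3_ACTIONS
                       if not any(matches(p, a) for p in excluded)]
        else:
            patterns = as_list(stmt.get("Action"))
            granted = [a for a in SENSITIVE_S3_ACTIONS
                       if any(matches(p, a) for p in patterns)]
        broad = [r for r in as_list(stmt.get("Resource")) if is_broad(r)]
        if granted and broad:
            findings.append({"statement": index, "actions": granted, "resources": broad})
    return findings


def audit_all(policies=POLICIES):
    """Audit every role; an empty list means nothing was flagged."""
    return {role: audit_policy(doc) for role, doc in policies.items()}


if __name__ == "__main__":
    for role, findings in audit_all().items():
        print(role, "->", findings or "ok")
```

A role attached to a firewall or proxy instance should come back with an empty list; any finding means that credentials issued to that instance can read or enumerate buckets well beyond what the instance needs.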

After the discovery of the breach, Capital One reacted immediately to limit the extent of the issue and prevent additional damage. The company worked alongside law enforcement and cybersecurity professionals to investigate the issue and identify the vulnerability that had been exploited. The company also informed affected customers and provided them with free credit monitoring and identity protection services. To address the issue, the company implemented tighter security practices, including more advanced surveillance systems, constant security audits, and better configuration management protocols (Guha, 2024).

To prevent such occurrences in the future, Capital One implemented several steps. First, the organization performed security checks on a regular basis to identify misconfigurations and vulnerabilities. These audits closely examined firewall configurations, access controls, and other security configurations. Second, Capital One employed an advanced monitoring system to rapidly detect and respond to anomalous activities and access patterns. This included automated notifications, as well as security information and event management (SIEM) solutions and intrusion detection systems (IDS) (Guha, 2024).
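A sketch of the kind of access-pattern rule such monitoring can run, as an added example that is not part of the original essay and not Capital One's own tooling: it flags API calls made with an EC2 instance role's temporary credentials from an address outside the organisation's networks. The log records, role name, account ID and network ranges are constructed assumptions; the field names follow the CloudTrail record format.

```python
import ipaddress
import json
import re

# Assumption: address ranges this organisation's instances call AWS from.
EXPECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# An EC2 instance profile session is named after the instance ID, so the
# assumed-role ARN ends in ".../<role>/i-<hex>".
INSTANCE_SESSION = re.compile(r":assumed-role/([^/]+)/(i-[0-9a-f]{8,17})$")

ROLE = "arn:aws:sts::111122223333:assumed-role/waf-instance-role/i-0123456789abcdef0"

# Constructed CloudTrail-style records, one JSON object per line.
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"eventTime": "2025-01-01T10:00:01Z", "eventName": "GetObject",
     "sourceIPAddress": "10.0.4.17", "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
    {"eventTime": "2025-01-01T10:05:12Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
    {"eventTime": "2025-01-01T10:05:40Z", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
    {"eventTime": "2025-01-01T10:06:00Z", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.9", "userIdentity": {
         "type": "AssumedRole",
         "arn": "arn:aws:sts::111122223333:assumed-role/analyst-role/alice"}},
    {"eventTime": "2025-01-01T10:07:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "ec2.amazonaws.com", "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
)]


def instance_role_session(event):
    """Return (role, instance_id) if the caller used instance-profile credentials."""
    identity = event.get("userIdentity", {})
    if identity.get("type") != "AssumedRole":
        return None
    match = INSTANCE_SESSION.search(identity.get("arn", ""))
    return match.groups() if match else None


def is_expected_source(source):
    """True if the source is inside an expected network or is an AWS service name."""
    try:
        address = ipaddress.ip_address(source)
    except ValueError:
        return True  # calls made by AWS services carry a DNS name, not an IP
    return any(address in network for network in EXPECTED_NETWORKS)


def detect(lines):
    """Return one alert tuple per instance-credential call from an unexpected address."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        session = instance_role_session(event)
        source = event.get("sourceIPAddress", "")
        if session and not is_expected_source(source):
            role, instance_id = session
            alerts.append((event["eventTime"], role, instance_id, source, event["eventName"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

In a SIEM the same condition would be expressed as a correlation rule feeding the automated notifications mentioned above.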


2. Social Issues

The Capital One data breach raised many social concerns related to cybersecurity, privacy and public trust in banking institutions. The compromise of personal data, including banking information and Social Security numbers, left millions of customers vulnerable to the threats of financial fraud and identity theft (Stone, 2020). The victims of this cyber-attack had to take major security measures such as fraud alerts and credit card monitoring, which further increased the financial burden on the individual.

Below are five social issues that came up after the Capital One incident:

1. Heavy decline in confidence in financial institutions

The data breach heavily impacted people's confidence, particularly that of lower-income households who rely heavily on banking services to protect their private data. More than 100 million people were affected in this scandal, and many of them began to question the reliability of online banking services. A survey conducted after the incident showed that over 60% of customers reported a loss of confidence in online banking services (Chin, 2024).

2. Increase in the risk of identity theft and financial misconduct

After the Capital One incident, the banking details, Social Security numbers and personal information of millions of people were released openly on the internet, which heavily increased their risk of identity theft. Victims were forced to bear costly preventative measures such as signing up for credit card monitoring services and many more (Stone, 2020). As people's reliance on digital means increases, the risk of identity theft increases along with it: in 2023 nearly 4.3 million American people were victims of identity theft in the first nine months, with the total loss standing at over 6 billion dollars (DiNard, 2023).

3. Anxiety about data security and privacy in cloud-based environments

The incident sparked public debate over the ethics of cloud components and data storage. Capital One's decision to store sensitive private information of its customers on third-party infrastructure like Amazon AWS without ensuring the highest level of security raised concerns over the responsibility of corporate organizations (Noonan, N.D). The threat of data leaks and unauthorized access risks heavily tainting users' confidence in cloud service providers. To counter such issues, corporate authorities must establish clearly defined policies and a regulatory system to protect sensitive data.

4. Uncertainty about how well data protection laws are being regulated

The Capital One incident highlighted the gaps that existed in digital protection regulations, particularly regarding cloud-based infrastructure. Critics voiced concerns about the lack of effective regulation and insisted on new cybersecurity rules and regulations that reflect the dynamic threat environment. The breach emphasized the need for stronger legal guidelines and corporate management protocols to prevent future cyber-attacks (Knowles, 2024).

5. Increasing risk for people with limited resources

The Capital One data breach affected vulnerable populations, particularly lower-income people who use digital banking services as a means to access basic banking and financial services. Unlike customers with high wealth, this group of individuals lacks the resources or financial literacy necessary to reduce the effect of such a large-scale data breach. They were therefore made even more prone to financial exploitation and identity theft.


3. Ethical Issue

The Capital One data breach raises major ethical concerns, especially around the company's responsibility and how it handles and protects the sensitive data of its consumers. First of all, the initial fear was that Capital One, despite being known as the first to adopt cloud computing technology in the banking sector, was unable to provide the necessary data security (Capital One, 2022). This situation raises important questions about whether technological innovation at Capital One came at the expense of the protection of its customers' information. Below are the five major ethical concerns raised by the Capital One data breach:

1. Failure to maintain data security protocols

Capital One failed to implement enough controls to counter incoming security threats, leaving in place a misconfigured firewall and overly permissive access controls. By neglecting to properly secure its cloud infrastructure, Capital One revealed the sensitive personal and private information of millions of its customers (Blazdell, 2024). This failure mirrors a breach of the ethical responsibility a big corporate organization has to secure its customer data and preserve trust among its customers.

2. Ethical practice in cloud infrastructure

Cloud computing is a revolutionary force, yet its ethical responsibilities must not be overlooked. The increase in the adoption of cloud infrastructure has presented serious ethical challenges, mainly around data privacy and security. As the Capital One incident shows, outsourcing the storage of sensitive data to cloud-based infrastructure like AWS without implementing the highest level of security measures is an ethical issue in terms of risk accountability. This incident calls attention to the moral responsibility of a corporate organization to ensure reliable protection of user data, particularly with third-party cloud storage services (Popat, 2025).

3. Lack of information sharing with customers

Another major ethical concern is the lack of transparency between the corporation and its customers during the breach. Capital One got to know about the incident only when a third party notified it, by which time the sensitive information of Capital One customers had already been released in public (Information on the Capital One cyber incident, 2022). In today's world transparency brings trust and loyalty; hiding important information from customers destroyed their trust and signalled a breakdown in customer loyalty. Honest communication is crucial, especially when customers' own sensitive data is at risk (Nab, 2024).

4. Accountability in maintaining public trust

The moment a big corporate organization gains access to sensitive personal data, it takes on not only a technical responsibility but also an ethical responsibility to safeguard the data. In Capital One's case the disclosure of the data breach was not only delayed, but the breach was discovered by third-party media, which raised questions about Capital One's accountability toward public trust. In this digital era where trust is limited and transparency is expected, a big organization such as Capital One must prioritize accountability by addressing security issues openly with the affected individuals.

5. Absence of security checks ahead of time

The Capital One data breach was caused by a misconfigured firewall in the company's cloud system, a small mistake that could have been easily avoided, but due to the lack of frequent security check protocols the sensitive information of millions of people was compromised. Had Capital One frequently conducted security checks of its systems, the misconfiguration would have been easily discovered and fixed before the data breach happened. Ethical risk analysis is necessary in today's high-risk digital environment to prevent harm, ensure accountability, and maintain public trust (Klein, 2024).

Many ethical issues arise from the Capital One data breach, including negligence in protecting consumers' data and a concerning lack of transparency with the public about the breach. There is also the disparity of low-income consumers getting less protection against threats compared to wealthier clients. These issues highlight the need for stronger data security regulations and fair treatment for all customers, and the importance of analysing this matter from multiple ethical perspectives. From a utilitarian perspective, which determines right from wrong by focusing on outcomes (Utilitarianism, N.d), the impact of the Capital One incident on all customers, employees and stakeholders must be evaluated to determine whether the company's actions prioritized profit or the security of customer data. A deontological approach, an ethical theory that uses rules to distinguish right from wrong (ethicsunwrapped, N.d), highlights Capital One's moral responsibility to protect the sensitive data of its consumers and be open about the data breach, which raises the question of whether the company fulfilled its ethical responsibilities or not.

Additionally, applying social justice theory, which highlights the power dynamics between and among different groups (Garcia, 2023), highlights the inequality in protection for low-income clients compared to high-income clients, which raises concerns about equality in data security practices. Lastly, corporate social responsibility (CSR), a self-regulating business model that helps a company be socially accountable to itself, the public and its stakeholders (Fernando, 2024), shows Capital One's responsibility to ethical standards and its role in society, compelling the company to take preventive steps in preserving customers' data. By analysing the data breach through these ethical perspectives, it becomes clear that stronger data security practices, greater transparency, and equitable treatment for all consumers are necessary for building trust and ensuring better security.
