CYBERSECURITY: Why the Capital One breach is unlike any other major hack.
The incident involved theft of more than 100 million customer records, 140,000 Social Security numbers and 80,000 linked bank details of Capital One customers, allegedly stolen by a single insider, according to court filings in Seattle.
The details set it apart from breaches of companies like Equifax and Marriott, which were attacked from the outside by criminals with a nation-state connection. It’s also different from the spate of ransomware attacks against major U.S. cities, which were likely committed by groups of individuals outside the U.S.
Instead, according to the indictment, Paige Thompson was able to exploit a loophole in a Capital One cloud server’s firewall to gain access to the information.
Thompson had several social media accounts listing experience as an engineer working for Amazon. Even if Thompson was employed at Amazon, that may not have been a factor in the incident.
Amazon Web Services “was not compromised in any way and functioned as designed,” Amazon said in a statement, adding that the reason for the breach was a misconfiguration of firewall settings managed on the cloud server by Capital One, not a vulnerability in the cloud server itself.
Every one of these financial firms ought to have white-hat hackers work full-time on their IT staffs, with generous bonuses for each vulnerability found.