- Capital One says it was hit with a data breach, affecting an estimated 100 million US individuals and approximately 6 million in Canada.
- Paige A. Thompson, a former software engineer, was arrested Monday by FBI in Seattle.
- She appeared in court and was charged with a single count of computer fraud and abuse, which carries a sentence of up to five years in prison and a $250,000 fine.
- Visit Business Insider’s homepage for more stories.
Capital One says it was hit with a data breach, affecting an estimated 100 million US individuals and approximately 6 million in Canada, according to a press release published Monday.
Here’s what was compromised:
- According the Capital One statement, the largest category of information that was accessed pertained to consumers and small businesses, who applied for credit cards between 2005 and early 2019, which includes personal information from credit card applications, such as names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
- Data involving transactions and customer status was also accessed, including credit scores, credit limits, balances, payment history, and contact information.
- Approximately 140,000 credit card customers’ Social Security numbers
- Approximately 80,000 of credit card customers’ linked bank account numbers
- Approximately 1 million social insurance numbers of Canadian credit card customers
"Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised," according to Capital One. "We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected."
Paige A. Thompson, a former software engineer, was arrested Monday by FBI in Seattle, according to a press release from the Justice Department. She appeared in court and was charged with a single count of computer fraud and abuse, which carries a sentence of up to five years in prison and a $250,000 fine.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One Chairman and CEO Richard D. Fairbank said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
Thompson was arrested on a criminal complaint, according to a statement by Justice Department, after she posted about her theft information on the sharing site GitHub. Another user flagged the posts to Capital One on July 17 on the possibility of data theft. Capital One contacted the FBI two days later once it confirmed there had been an intrusion into its data.
Capital One said in the statement that "this type of vulnerability is not specific to the cloud," as the elements involved are "common to both cloud and on-premises data center environments."
While it’s not clear which cloud provider CapitalOne is referring to in its press release, it’s extremely likely that it’s the market-leading Amazon Web Services — the two companies announced a partnership back in 2016 that would see CapitalOne become one of Amazon’s highest-profile cloud customers in the financial services industry.
This story is developing and will be updated accordingly as more details emerge.
- An American family who moved to Nicaragua for a year to live cheaply ended up blowing their $30,000 budget thanks to unexpected costs — but still spent less than life at home in the US
- We checked out the neighborhood where Amazon is building a new 43-story tower in Bellevue, its tallest office building yet
- Facebook hit with additional $100 million fine for ‘misleading disclosures’ about data misuse in wake of Cambridge Analytica scandal