Capital One has revealed that personal information, including Social Security and bank account numbers of more than 100 million people was stolen during a hack that led to the arrest of a Seattle woman.
Former software engineer, Paige A. Thompson, 33, is accused of stealing data from Capital One credit card applications in what is one of the top 10 largest data breaches ever, according to USA TODAY research.
Capital One said the data included names, addresses and phone numbers of people who applied for its products. The hacker did not gain access to credit card account numbers, the company said.
The alleged hacker made the mistake of boasting about the breach online and was consequently arrested the following Monday.
How many people are affected?
Capital One operates retail banks and is also a major credit card issuer.
A statement was released by the firm, saying the breach affected approximately 100 million individuals in the US and 6 million people in Canada, the BBC reports.
The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.
In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.
The hack was identified on 19 July.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the company’s infrastructure.
Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.
How has Capital One reacted?
Capital One said it was unlikely the information was used for fraud but it would continue to investigate the breach.
The company will notify those affected and will provide them with free credit monitoring and identity protection.
Chairman Richard Fairbank said in a statement: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right. “
What do we know about the alleged hacker?
The US justice department has confirmed it has arrested a former Seattle technology company software engineer in connection with the breach.
33 year old Paige Thompson was arrested on Monday for computer fraud and abuse. Thompson appeared in federal court in Seattle and a hearing has been scheduled for August 1st.
Court documents claim she boasted about the data breach on an online forum.
A statement by the US attorney’s office in Washington said: “On July 17 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft.”
Ms Thompson faces a maximum sentence of five years in prison and a $250,000 (£204,713) fine.