Capital One reveals huge data breach by hacker
Capital One has announced that a hacker obtained personal information about over 100 million customers during a data security incident in March, reports Jane Connolly.
An external security investigator notified Capital One on 17 July and the breach was confirmed on 19 July. The FBI has arrested the alleged hacker and taken them into custody.
The Financial Times reports that the suspect is Paige Thompson, a former Amazon Web Services employee. She was arrested earlier this week and appeared in court in Seattle.
In a statement, Capital One confirmed that the breach affected around 100 million individuals in the US and approximately six million in Canada. The company says that no credit card numbers, log-in credentials or social security numbers, were compromised.
The bulk of the information exposed related to consumers and small businesses who applied for Capital One credit cards between 2005 and early 2019. Details compromised included names, addresses, postcodes, phone numbers, email addresses, date of birth and self-reported income.
Some credit card customer data was also exposed, including status information such as credit scores, balances and payment histories, along with fragments of transaction data from a total of 23 days between 2016 and 2018.
Capital One says it immediately addressed the configuration vulnerability in its infrastructure that had enabled the “highly sophisticated individual” to hack the system.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” says Capital One chairman and CEO, Richard D Fairbank. “I sincerely apologise for the understandable worry this incident must be causing those affected and I am committing to making it right.”
The company will offer free credit monitoring and identity protection to everyone affected. Capital One expects the incremental costs of the incident to reach between $100 million and $150 million in 2019.