News and HeadlinesNational News

Actions

Capital One says hacker got access to more than 100 million credit card applications

Posted
and last updated

In one of the biggest-ever data breaches, a hacker gained access to more than 100 million Capital One customers' accounts and credit card applications earlier this year.

The compromised data includes 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.

Paige Thompson, 33, was arrested in connection with the breach, the Justice Department said Monday. The department alleges that Thompson "posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data."

Thompson had previously worked as a tech company software engineer and was able to gain access by exploiting a misconfigured web application firewall, the DOJ said.

Capital One said the hack occurred March 22 and 23. The company indicated it fixed the vulnerability and said it is "unlikely that the information was used for fraud or disseminated by this individual." However, the company is still investigating.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," said Capital One CEO Richard Fairbank in a statement.

The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.

However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company said.

Capital One said it will notify people affected by the breach and will make free credit monitoring and identity protection available. The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.

It is not immediately clear if Thompson has an attorney representing her.