An astounding 106 million accounts and credit card applications belonging to mega finance corporation Capital One's customers have been illegally accessed as a result of a recent hack into the company's systems. The breach occurred in March and was discovered on July 19. It has now been fixed. The purported hacker has also been apprehended.
Capital One's statement on the matter suggests the information has not yet been disseminated by the hacker, identified by the US Department of Justice as Paige Thompson, or used for fraud. It mainly consisted of personal information and did not contain credit card numbers or password information.
Capital One provided an inventory of the information compromised - which belongs to 100 million US customers and 6 million Canadians - as follows:
- names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
No bank account numbers or Social Security numbers were compromised, other than:
- About 140,000 Social Security numbers of our credit card customers
- About 80,000 linked bank account numbers of our secured credit card customers
One million Social Insurance Numbers belonging to Canadian customers were also leaked.
Capital One's CEO, Richard D. Fairbank, apologised for the breach and issued the following statement:
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.
Thompson, the individual arrested for hacking the bank holding company, was apparently caught after she was found boasting about the hack on online forums. She was apprehended at her Seattle home on July 29, along with several digital devices, and is set to have a hearing in court on August 1.
Those affected by the breach will be provided free credit monitoring and identity protection services by Capital One. These and other expenses stand to cost the company anywhere from $100 to $150 million.