
Capital One says it was hit with data breach, affecting tens of millions of credit card applications


  • Capital One says it was hit with a data breach, affecting an estimated 100 million US individuals and approximately 6 million in Canada.
  • Paige A. Thompson, a former software engineer, was arrested Monday by the FBI in Seattle.
  • She appeared in court and was charged with a single count of computer fraud and abuse, which carries a sentence of up to five years in prison and a $250,000 fine.

Capital One says it was hit with a data breach, affecting an estimated 100 million US individuals and approximately 6 million in Canada, according to a press release published Monday.

Here’s what was compromised, according to Capital One:

  • The largest category of information that was accessed pertained to consumers and small businesses, who applied for credit cards between 2005 and early 2019. The data accessed included personal information from credit card applications, such as names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
  • Data involving transactions and customer status was also accessed, including credit scores, credit limits, balances, payment history, and contact information.
  • Approximately 140,000 credit card customers’ Social Security numbers
  • Approximately 80,000 credit card customers’ linked bank account numbers
  • Approximately 1 million social insurance numbers of Canadian credit card customers

“Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised,” according to Capital One.

“We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.”

Paige A. Thompson, a former software engineer, was arrested Monday by the FBI in Seattle, according to a press release from the Justice Department. She appeared in court and was charged with a single count of computer fraud and abuse, which carries a sentence of up to five years in prison and a $250,000 fine.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Capital One Chairman and CEO Richard D. Fairbank said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Capital One said it expects the incident to cost $100 to $150 million in 2019, stemming from “customer notifications, credit monitoring, technology costs, and legal support.”

Thompson was arrested after she posted about the theft of information on the sharing site GitHub, the Department of Justice alleged in a Monday statement. Another user flagged the posts to Capital One on July 17, raising the possibility of data theft. Capital One contacted the FBI two days later once it confirmed there had been an intrusion into its data. The breach occurred on March 22 and 23, 2019.

Capital One said in the statement that “this type of vulnerability is not specific to the cloud,” as the elements involved are “common to both cloud and on-premises data center environments.”

While it’s not clear which cloud provider Capital One is referring to in its press release, it’s extremely likely that it’s the market-leading Amazon Web Services — the two companies announced a partnership back in 2016 that would see Capital One become one of Amazon’s highest-profile cloud customers in the financial services industry.

This story is developing and will be updated accordingly as more details emerge.
