Capital One, one of North America’s biggest credit card companies has confirmed that they experienced a major data breach. The breach affects over 100 million customers across the United States and Canada. The information stolen included Social Security numbers and bank account numbers, as well as relevant public information. This breach took place over a period of 5 months thought to be between March 12 and July 17.
The data hack was carried out be a sole individual who was a Capital One employee. The FBI has arrested Paige A. Thompson for carrying out this massive data hack.
This breach of security is now being called one of the top data breaches in US history. The breach was only discovered on July 19 and the company has been scrambling to work with federal law enforcement to catch the hacker. The security vulnerability that Thompson used has since been fixed.
CBS News
In a statement, Richard D. Fairbank, Capital One chairman and CEO, said
While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.
Large Batch of Data
According to reports, Thompson was able to get around 140,000 Social Security numbers along with 80,000 bank account numbers. This information breach is bad since the number and the account data could be used for identity theft and fraud.
Capital One says that most of the information was from customers who applied for credit cards between 2005 to 2019. Besides this important data, the hacker was also able to access personal information. This include names, addresses, phone numbers, email addresses, and dates of birth – all of which are used when applying for credit cards. Data on self-reported income has also been compromised.
The remaining bits of information that the hacker was able to get were just credit scores, limits, and balances. These were from various periods spread across 2016, 2017 and 2018. This breach is a big hit to Capital One and it is expected to cost the company between $100 to $150 million.
This is not the first time a major data breach has happened with a credit card company. Equifax recently had to pay penalties for a 2017 breach that affected 147 million Americans. The company made a deal with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 state governments. The deal required the company to pay $575 million, including $300 million allocated to free credit monitoring services, $175 million to the various states, and $100 million in flat penalties.