Capital One data breach affects 100M credit card applicants

Capital One data breach affects 100M credit card applicants

The data relates to 100 million Capital One credit card applicants and holders in the USA and 6 million in Canada.

While the breach of Capital One's Amazon Web Services' cloud server started in March, the bank wasn't aware of the infiltration until a security researcher notified the company through its responsible disclosure email on July 17.

The U.S. Attorney's Office in the Western District of Washington State said Monday that Paige A. Thompson, a 33-year-old former technology company software engineer, was arrested for the data theft.

Are you among the Canadians who have been directly affected by the Capital One data breach?

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened", Richard Fairbank, the company's chairman and CEO, said in a statement.

The GitHub site contained Thompson's full name, the complaint says.

- Capital One Canada also has a partnership with Hudson's Bay Co., in which credit for the Canadian retailer and SaksFirst's cardholders are extended by Capital One Canada.

The information included names, addresses, phone numbers, postal codes, email addresses, birthdates and self-reported income.

Ten days after Capital One was alerted to the vulnerability, Thompson posted about "several companies, government entities and educational institutions", which an FBI Cyber Squad investigator said appeared to be references to other data breaches she "may have committed", according to the complaint.

None of Erratic's postings suggest Thompson sought to profit from selling the data taken from various Amazon cloud instances she was able to access.

The call for the investigation comes less than a day after Capital One announced the breach. If found guilty, Ms Thompson faces up to five years in federal prison and a fine of up to $250,000 (£204,000 and dropping fast, cheers Boris). But whether this is your inaugural go-around or you already know the drill, this is still a first for Capital One.

Thompson will remain behind bars in federal custody leading up to a scheduled court appearance on Thursday, August 1.

The swiped data includes 140,000 Social Security numbers and 80,000 bank account numbers, we're told, and covers all applicants between 2005 and early 2019.

Capital One said everyone affected by the breach will receive free credit monitoring and identity protection.

In addition, the Equifax breach settlement will provide all US consumers six extra free credit reports a year for seven years, starting in 2020.

Unfortunately, this isn't the first massive breach of a financial services company in recent years and it nearly certainly won't be the last. "While there were hundreds of millions of records leaked, only a small percentage of those records contained social security information or banking information and there is no indication at this time that the data was distributed beyond the identified individuals", he added.

Related Articles