Capital One Financial Corp. said data from about 100 million people in the US was illegally accessed after prosecutors accused a Seattle woman of breaking into the bank's server at a cloud-computing company.
However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised", the company said.
"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right".
While Thompson used a VPN and The Onion Router (TOR) exit nodes to hide her activities on S3, she posted files related to the illegal data access on open source code repositories Github and Gitlab using accounts bearing her full name according to FBI investigators. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
The complaint says Thompson boasted in Twitter direct message about having obtained the data, saying she had "basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it".
The bank says it will contact the affected customers and make free credit monitoring and protection available to them. Thompson is now awaiting trial, and could face up to five years in prison and a $250,000 fine.
According to Capital One, the stolen data was likely never used for fraud or shared with other groups, although the investigation continues. The data theft occurred some time between March 12 and July 17, federal prosecutors in Seattle said. The cloud-computing company, on whose servers Capital One rented space, wasn't identified in court papers.
It hasn't even been a week since Equifax settled with the FTC over a massive data breach in 2017, another major financial institution has reported a hacking incident that has just as massive a reach.
Update, July 29, 6.03pm PT: Adds statement and additional details from Capital One.
Four students killed at protest
The SPA posted a video showing hundreds of students protesting in Obeid, with gunshots echoing in the background. The military stepped in in April, launching a coup and arresting him.