Capital One data breach involves 'tens of millions' of credit card applications

Capital One data breach involves 'tens of millions' of credit card applications

Officials with Capital One announced Monday the company has suffered a data breach involving about 100 million people in the United States.

Capital One, based in McLean, Virginia, said it found out about the vulnerability in its system on July 19 and immediately sought help from law enforcement to catch the perpetrator.

The FBI arrested a 33-year-old tech worker named Paige A. Thompson, who goes by the name "erratic", according to court documents.

Capital One Financial Corp. said data from about 100 million people in the US was illegally accessed after prosecutors accused a Seattle woman of breaking into the bank's server at a cloud-computing company.

However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised", the company said.

"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right".


While Thompson used a VPN and The Onion Router (TOR) exit nodes to hide her activities on S3, she posted files related to the illegal data access on open source code repositories Github and Gitlab using accounts bearing her full name according to FBI investigators. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.

The complaint says Thompson boasted in Twitter direct message about having obtained the data, saying she had "basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it".

The bank says it will contact the affected customers and make free credit monitoring and protection available to them. Thompson is now awaiting trial, and could face up to five years in prison and a $250,000 fine.

According to Capital One, the stolen data was likely never used for fraud or shared with other groups, although the investigation continues. The data theft occurred some time between March 12 and July 17, federal prosecutors in Seattle said. The cloud-computing company, on whose servers Capital One rented space, wasn't identified in court papers.

It hasn't even been a week since Equifax settled with the FTC over a massive data breach in 2017, another major financial institution has reported a hacking incident that has just as massive a reach.

Update, July 29, 6.03pm PT: Adds statement and additional details from Capital One.

Related:

Comments

Latest news

Stranger Pushes Woman, Son Off Platform Into Train's Path
She added that the man had meant to push a third person on to the track, "but she was able to defend herself". Police say the motive is unclear and that it appears the suspect has no connection to the victims.

Dead body discovered in home of African Premier League star
Investigators in the Egyptian city went to the scene to carry out the pertinent investigation and to identify the body. According to the website 24.ae, the dead body was found "in the patio" at his home which is now under construction.

Nintendo Announces Super Smash Bros. Ultimate Presentation featuring Masahiro Sakurai
If you have some replays that you created in the game from a match, what you need to do is head to the home screen of the game. On top of this news of the new DLC character Hero , comes news about a new update to the Super Smash Bros .

More rainfall and thunderstorms on way with weather warning issued
The Met Office has issued a yellow weather warning as another thunderstorm is set to hit Leeds this week. The thunderstorm could cause flash flooding or deep floodwater causing damage to homes and businesses.

Indian Family Caught Stealing Accessories From Bali Hotel, Video Goes Viral
In an Instagram post on Saturday, police confirmed that the incident took place at the The Royal Purnama hotel in Sukawati. A video of an Indian family getting caught stealing accessories from a hotel in Bali is taking the internet by storm.

Other news