Coverage: Hacker gains access to data of 100 million customers of Capital One
A hacker was arrested yesterday for the alleged breach of the security systems of Capital One gaining access to the data of 106 million people.
Gene Johnson had the news for AP:
A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case .
Paige A. Thompson — who also goes by the handle “erratic” — was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.
The FBI raided Thompson’s residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and “other entities that may have been targets of attempted or actual network intrusions.”
The BBC reported:
Capital One said the data included names, addresses and phone numbers of people who applied for its products.
But the hacker did not gain access to credit card account numbers, it said.
The data breach is believed to be one of the largest in banking history.
How many people have been affected?
Capital One is a major credit card issuer in the US and also operates retail banks.
The firm said in a statement released on Monday that the breach affected approximately 100 million individuals in the US and 6 million people in Canada.
The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.
In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.
The hack was identified on 19 July.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the company’s infrastructure.
Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.
CNN’s Rob McLean said:
Capital One (COF) said the hack occurred March 22 and 23. The company indicated it fixed the vulnerability and said it is “unlikely that the information was used for fraud or disseminated by this individual.” However, the company is still investigating.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Capital One CEO Richard Fairbank in a statement.
Capital One said it will notify people affected by the breach and will make free credit monitoring and identity protection available. The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.
Capital One’s stock was down 4% after hours late Monday night.