Photo: Raymond Boyd/Getty Images
Capitol One says a concerning data breach left at least 100 million Americans and 6 million Canadians’ personal information — including customer accounts and credit card applications — exposed.
The bank, headquartered in McLean, Virginia, learned of the hack earlier this month and revealed the incident occurred on March 22 and 23 of this year, according to apress release.
Upon discovering the breach, Capital One explained they “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” the press release states.
However, the breach remains under investigation.
The bank explained in the release that “the largest category of information accessed was information on consumer and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
According to the release, about 140,000 social security numbers of Capital One credit card customers were compromised as well as 80,000 linked bank account numbers of secured credit card customers.
In wake of the news, Capital One shared that they are notifying all of the affected individuals and “will make free credit monitoring and identity protection available to everyone affected.”
The US Department of Justiceidentified the alleged hackeras a Seattle woman named Paige A. Thompson.
Prior to the incident, Thompson, 33, worked as a technology company software engineer, the US Department of Justice said in a press release. She was arrested on Monday.
According to the US Department of Justice, Thompson announced what she had done on the information sharing site GitHub.
“The intrusion occurred through a misconfigured web application firewall that enabled access to the data,” the US Department of Justice said.
“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” US Attorney Moran said. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”
Agents searched Thompson’s home on Monday and seized electronic storage devices containing copies of the data.
She appeared in court in Seattle on Monday and will be detained pending a hearing on August 1.
An attorney for Thompson could not immediately be found.
Capital One Chairman and CEO Richard D. Fairbank has since spoken out about the incident.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” he said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
source: people.com
