A hacker gained access to the personal information of over 100 million individuals applying for credit with Capital One Financial Corp. (NYSE: COF). The FBI has reportedly arrested the person in Seattle. Capital One chairman and CEO Richard D. Fairbank said in a press release, “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The breach was discovered on July 19 and apparently occurred between March 12 and July 17. The hacker got scores of information, including names, addresses, phone numbers, email addresses, dates of birth and self-reported income. About 140,000 customers who used their Social Security number as their employer identification number in applying for small-business credit cards had their Social Security number exposed, and roughly 80,000 bank account numbers from credit card customers were taken. The affected applicants applied for credit cards between 2005 and 2019.
Capital One said that it “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.” Court records state a woman, identified as Paige A. Thompson, has been arrested on charges of computer fraud and abuse. The records show that Thompson previously worked at an unidentified cloud-computing company that provided data services to Capital One.
Thompson was apparently caught after bragging about her exploits online. According to a criminal complaint signed by FBI special agent Joel Martini, Thompson “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally.” Computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine.
The hack appears to be one of the largest data breaches ever to hit a financial services firm. Capital One said in its statement that the incident is expected to cost the company between $100 to $150 million in 2019.