More than 100 million Capital One customers have had personal information accessed by a hacker, the bank and credit card company revealed Monday. More than 100 million credit card applications from the US and Canada were accessed along with around 140,000 Social Security numbers, 80,000 bank account numbers, and nearly one million social insurance numbers in Canada.
It is one of the largest data breaches of a financial services company, rivaling Equifax's 2017 breach that compromised the personal data of 147 million. Paige Thompson, a Seattle-area resident who worked as a software engineer, was arrested by the FBI on charges of computer fraud and abuse. The arrest was made quickly because the suspect talked about it through various online channels.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Richard Fairbank, chairman and chief executive of Capital One, said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right."
At the moment, the company, which became aware of the incident on July 19, has not made it clear how customers can determine if their information was part of the hack. Capital One says it will notify affected individuals "through a variety of channels" and will make credit monitoring and identity protection services available for free to those individuals.
The company says it "immediately fixed the configuration vulnerability that this individual exploited." It also says that no credit card numbers or log-in credentials were stolen. Additionally, 99% of Social Security numbers on credit card applications were not compromised.