Capital One announced that a hacker had accessed about 100 million credit card applications, as well as thousands of Social Security and bank account numbers.
The company revealed Monday (July 29) that on July 19 it discovered that there was unauthorized access by an outside individual, adding that it immediately fixed the configuration vulnerability that was exploited and immediately notified federal law enforcement.
The Washington Post reported that the FBI has arrested a Seattle area woman, Paige A. Thompson, on a charge of computer fraud and abuse.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, Capital One’s chairman and chief executive, said in a press release. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Based on the company’s current analysis, the breach impacted about 100 million individuals in the United States and around 6 million in Canada. Capital One stressed that credit card account numbers and log-in credentials were not compromised, while more than 99 percent of Social Security numbers were not impacted.
“Although some of the information in those applications (such as Social Security numbers) has been tokenized or encrypted, other information including applicants’ names, addresses, dates of birth and information regarding their credit history has not been tokenized,” the FBI complaint said, and the bank told the bureau that the data includes “likely tens of millions of applications and approximately 77,000 bank account numbers.”
The hack is expected to cost the company between $100 million and $150 million in the near term.
Thompson was apprehended so quickly because of statement she made on social media “for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,” according to the criminal complaint signed by FBI special agent Joel Martini.
She is suspected of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One,” and was ordered to remain in jail pending a hearing scheduled for later this week.
Thompson previously worked at an unidentified cloud computing company that provided data services to Capital One.