Capital One revealed Monday that 100 million credit card applications had been accessed, resulting in thousands of Social Security and bank account numbers being left at risk.
Dubbed one of the largest data breaches to hit a financial services firm, the Capital One hack is expected to cost the company between $100 million and $150 million.
The FBI compliant says that although some SS numbers had been tokenised or encrypted, information such as names, addresses, dates of birth and credit history had not. The data at risk includes “likely tens of millions of applications and approximately 77,000 bank account numbers.”
However, the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security numbers on the applications.
After a number of online boasts under the online alias ‘erratic’, Seattle-based Paige A. Thompson was arrested on computer fraud and abuse charges and on suspicion of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One,” according to a criminal complaint filed in federal court.
Paige formerly worked for Amazon Web Services, which hosted the Capital One database that was breached. She will remain in jail pending a detention hearing on Thursday.
Richard D. Fairbank, Capital One’s chairman and chief executive, apologised: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
This news comes soon after the meme-worthy $700 million Equifax data breach settlement which left a staggering 147 million people vulnerable in 2017.