Capital One announces massive data breach impacting 100M customers

The company estimates the breach affected around 100 million individuals.
Publish date:

A data breach at Capital One saw a hacker gained access to 100 million customer accounts and credit card applications.

The company announced in a press release that an unauthorized individual accessed personal information of Capital One credit card users and those who had applied for cards.

Capital One became aware of this breach on July 19 and announced the incident Tuesday. The company has said it will make free credit monitoring services available for 10 years to compromised customers, or offer a payment of $125.

Consumers and small businesses who applied for card between 2005 and 2019 were the biggest targets. Information like names, addresses, phone numbers, email addresses and incomes, credit card statuses and credit scores were compromised in an undisclosed number of cases.

Around 140,000 U.S. Social Security numbers were compromised, along with 80,000 linked bank account numbers of secured credit card customers.

Other data taken includes "fragments of transaction data from a total of 23 days during 2016, 2017 and 2018."

The company says "over 99 percent of Social Security numbers" were untouched, while credit card numbers and log-in credentials were also unaffected.

Around 6 million total individuals in Canada were affected, with around 1 million Social Insurance Numbers compromised.

On Monday, the U.S. Department of Justice announced a former Seattle tech worker had been arrested for the breach. Paige Thompson made her first court appearance in Seattle Monday, with a hearing set for Aug. 1.

Follow BringMeTheNews on LinkedIn

Thompson gained access to Capital One data through a misconfigured firewall, according to the Department of Justice. Thompson posted on the sharing site GitHub about the data she had obtained, which was used to report her to Capital One and later the FBI, according to the criminal complaint.

Capital One states the incident was a result of a “highly sophisticated individual” and that the vulnerability in its system was immediately addressed.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One Chairman and CEO Richard D. Fairbank in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

The company estimates the incident will result in incremental costs of around $100 million to $150 million. This comes largely from legal costs, consumer notifications and technology costs, according to the press release. 

Next Up

Adam Thielen

Vikings place Adam Thielen on COVID-19/reserve list

Thielen is coming off a two-touchdown game against the Cowboys.

MCF Oak Park Heights

COVID-positive inmate at Oak Park Heights prison dies

He becomes the fourth prison inmate to die from the virus.

Screen Shot 2020-11-23 at 1.08.19 PM

2-ton smoker stolen from Twin Cities chef Thomas Boemer

Boemer is the chef behind restaurants including the popular Revival.

Governor Tim Walz

Walz says relief package is coming for Minnesota small businesses

Walz is prepared to call a special session and pass the package immediately.

Governor Tim Walz

Watch live: Gov. Tim Walz COVID-19 press conference Monday

Walz will be introducing a new app that helps Minnesotans track COVID-19 exposures.


Dunn brothers

Data breach impacts card users at Dunn Bros., Sebastian Joe's

A Minnesota company that provides point-of-sale services has confirmed a breach.

Target has to pay $18.5M over that massive data breach

In 2013, hackers got into Target's system and stole info from millions of card users.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

Al Franken tears into former Equifax CEO over the data breach

Franken questioned the former CEO over the massive data breach.

First Delta, now Best Buy caught up in data breach

The Richfield company confirmed its customers are affected by the hack.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

Data breach at DoorDash compromises nearly 5 million accounts

The food delivery service says some users should reset their passwords.