Capital One announces massive data breach impacting 100M customers

The company estimates the breach affected around 100 million individuals.
Publish date:

A data breach at Capital One saw a hacker gained access to 100 million customer accounts and credit card applications.

The company announced in a press release that an unauthorized individual accessed personal information of Capital One credit card users and those who had applied for cards.

Capital One became aware of this breach on July 19 and announced the incident Tuesday. The company has said it will make free credit monitoring services available for 10 years to compromised customers, or offer a payment of $125.

Consumers and small businesses who applied for card between 2005 and 2019 were the biggest targets. Information like names, addresses, phone numbers, email addresses and incomes, credit card statuses and credit scores were compromised in an undisclosed number of cases.

Around 140,000 U.S. Social Security numbers were compromised, along with 80,000 linked bank account numbers of secured credit card customers.

Other data taken includes "fragments of transaction data from a total of 23 days during 2016, 2017 and 2018."

The company says "over 99 percent of Social Security numbers" were untouched, while credit card numbers and log-in credentials were also unaffected.

Around 6 million total individuals in Canada were affected, with around 1 million Social Insurance Numbers compromised.

On Monday, the U.S. Department of Justice announced a former Seattle tech worker had been arrested for the breach. Paige Thompson made her first court appearance in Seattle Monday, with a hearing set for Aug. 1.

Follow BringMeTheNews on LinkedIn

Thompson gained access to Capital One data through a misconfigured firewall, according to the Department of Justice. Thompson posted on the sharing site GitHub about the data she had obtained, which was used to report her to Capital One and later the FBI, according to the criminal complaint.

Capital One states the incident was a result of a “highly sophisticated individual” and that the vulnerability in its system was immediately addressed.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One Chairman and CEO Richard D. Fairbank in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

The company estimates the incident will result in incremental costs of around $100 million to $150 million. This comes largely from legal costs, consumer notifications and technology costs, according to the press release. 

Next Up