Capital One has become the latest high profile brand to suffer a mass data breach, although the credit card giant only found out about the incident after the hacker boasted about her exploits on the online forum for tech boffins GitHub.
The attack has exposed the personal details of 100 million people in the US and 6 million Canadians, including names, addresses and phone numbers of people who applied for its credit card products. However, Capital One insists the hacker did not gain access to credit card account numbers but did steal credit scores, limits, balances, payment history and contact information.
Even so, the firm said in a statement that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US. While in Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.
Capital One said the hacker was able to exploit a “configuration vulnerability” in the company’s infrastructure and said it will now notify those affected and will provide them with free credit monitoring and identity protection.
The US Justice Department has confirmed it has arrested former Seattle technology company software engineer in Paige Thompson in connection with the breach. She was arrested yesterday (July 29) on charges of computer fraud and abuse. A hearing has been scheduled for tomorrow (August 1).
Court documents claim she boasted about the data breach on an online forum. A statement by the US attorney’s office in Washington said: “On July 17 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft.”
Thompson faces a maximum sentence of five years in prison and a $250,000 (£204,713) fine.
Capital One chairman Richard Fairbank said in a statement: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”
UK firms battered by one hack attack every 50 seconds
Over 40% of firms suffered cyber breach in past year
Top tourist attractions hit by 110m data theft attacks
Data security chiefs pay soars to €1m as GDPR looms
TNT Express rocked as cyber attack wipes out $300m