Capital One data breach affects 100M customers
Capital One said Monday that the data of 100 million U.S. customers was illegally accessed in a breach that federal prosecutors said was perpetrated by a Seattle woman who allegedly hacked the bank's server at a cloudcomputing company.
Six million Canadian customers were also affected.
Federal prosecutors said that sometime between March 12 and July 17, Paige A. Thompson, 33, of Seattle hacked Capital One's rented server space.
The Department of Justice alleges that Thompson “posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data.”
The agency said that Thompson accessed the data by exploiting a misconfigured firewall. Capital One said in a statement that it had fixed the problem and that the data was likely not used for fraud or distributed by the hacker.
The company said that data from consumer and small business credit card applications filed between 2005 and 2019 made up the largest portion of stolen information. Applicants' names, addresses, phone numbers and dates of birth, as well as financial data including self-reported income, credit scores and fragments of transaction history were all part of the theft.
The bank said around 140,000 Social Security numbers and 80,000 bank account numbers were also accessed.
It said “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised.”