Massive breach hits Capital One
More than 100 million customers affected by theft of data
Capital One said Monday personal information, including Social Security and bank account numbers, of more than 100 million individuals was compromised in a massive data theft that led to the arrest of a Seattle woman.
Paige A. Thompson is accused of stealing data from Capital One credit card applications in what is one of the top 10 largest data breaches ever, according to USA TODAY research.
The FBI arrested Thompson Monday for the theft, which occurred between March 12 and July 17, court records show. Among the data allegedly collected from a company cloud-based server were Social Security and bank account numbers.
The bank said “the largest category of information” accessed from applicants who applied for credit cards between 2005 and 2019 was personal information including names, addresses, phone numbers, email addresses, dates of birth and self-reported income.
About 140,000 Social Security numbers were accessed and 80,000 bank account numbers from credit card customers, Capital One said.
Other data obtained includes credit
scores, limits, balances and “fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.”
Capital One said in a news release that “100 million individuals in the United States and approximately 6 million in Canada” were affected. The bank also set up a consumer website about the breach at www.capitalone.com/facts2019.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Capital One chairman and CEO, in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Last week, Equifax reached a deal with the Federal Trade Commission, Consumer Financial Protection Bureau and 50 states on the 2017 breach that affected approximately 147 million Americans.
The deal calls for Equifax to pay at least $575 million, including $300 million for free credit monitoring services, $175 million to states, the District of Columbia and Puerto Rico and $100 million in penalties to the CFPB.
Capital One said the incident is expected to cost between $100 million to $150 million in 2019.