Cap­i­tal One data breach af­fects 100M cus­tomers

Lodi News-Sentinel - - LOCAL / NATION - By David Matthews

Cap­i­tal One said Mon­day that the data of 100 mil­lion U.S. cus­tomers was il­le­gally ac­cessed in a breach that fed­eral prose­cu­tors said was per­pe­trated by a Seat­tle woman who al­legedly hacked the bank's server at a cloud­com­put­ing com­pany.

Six mil­lion Cana­dian cus­tomers were also af­fected.

Fed­eral prose­cu­tors said that some­time be­tween March 12 and July 17, Paige A. Thomp­son, 33, of Seat­tle hacked Cap­i­tal One's rented server space.

The Depart­ment of Jus­tice al­leges that Thomp­son “posted on the in­for­ma­tion shar­ing site GitHub about her theft of in­for­ma­tion from the servers stor­ing Cap­i­tal One data.”

The agency said that Thomp­son ac­cessed the data by ex­ploit­ing a mis­con­fig­ured fire­wall. Cap­i­tal One said in a state­ment that it had fixed the prob­lem and that the data was likely not used for fraud or dis­trib­uted by the hacker.

The com­pany said that data from con­sumer and small business credit card ap­pli­ca­tions filed be­tween 2005 and 2019 made up the largest por­tion of stolen in­for­ma­tion. Ap­pli­cants' names, ad­dresses, phone num­bers and dates of birth, as well as fi­nan­cial data in­clud­ing self-re­ported in­come, credit scores and frag­ments of trans­ac­tion his­tory were all part of the theft.

The bank said around 140,000 So­cial Se­cu­rity num­bers and 80,000 bank ac­count num­bers were also ac­cessed.

It said “no credit card ac­count num­bers or log-in cre­den­tials were com­pro­mised and over 99% of So­cial Se­cu­rity num­bers were not com­pro­mised.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.