Capital One Financial Corporation, one of the largest banks in the United States, revealed on Monday it suffered a breach. The data breach exposed 100 million customer accounts and credit card applications.
Based on the press release by the company, unauthorized user access occurred last March 22 and 23 of 2019. On July 19, 2019, Capital One found out about the breach via ethical security researchers. Immediately after finding out about the breach, the company fixed the vulnerability, states CNN.
The list of compromised information includes Social Security numbers, Canadian Social Insurance numbers, and bank account numbers. Other sensitive information accessed by the hacker includes full names, addresses, zip codes, phone numbers, email addresses, and birth dates. Data from self-reported income remain compromised as well.
The hacker identified as Paige Thompson reportedly worked as a tech company software engineer for a cloud hosting company. According to CNN, Capital One used the resources of the cloud hosting company, which Thompson used to access the information.
Authorities charged Thompson with computer fraud and abuse, state CNBC. Going by the alias “erratic,” the Seattle-based hacker “was investigated for exfiltrating and stealing information.” Following the accusations, the Federal Bureau of Investigation (FBI) arrested Thompson Monday night.
CNBC narrates that the hacker will attend a hearing on August 1, 2019. Criminal complaints surrounding the case disclose the hacker passed the information to GitHub, said CNN.
Although the hacker mined sensitive information, the financial corporation believes “it is unlikely that the information was used for fraud.” Capital One also believes that the information was not “disseminated by this individual.” Regardless of the financial corporation’s belief, Capital One will continue conducting a full-on investigation.
Despite news of the arrest, chairman and chief executive officer Richard D. Fairbank expressed his regrets regarding the situation. Fairbank says, “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.” Fairbank also “apologize[s] for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The company expects the financial repercussions to amount to $100 to $150 million in 2019 alone. This amount includes credit monitoring, customer notifications, legal support, and other technology costs, reveals Capital One in its press release.
In line with these, the company intends to undertake specific measures to address the concerns of its clients. Besides notifying affected individuals, it will also provide free credit monitoring and identity protection services.