Capital One data breach affects 100 million people
Stolen data includes personal information from credit card applications from 2005 through early 2019
Capital One has suffered a massive data breach, exposing the personal information of more than 100 million people. The hack was allegedly orchestrated by a former Amazon employee and the stolen information included personal information from credit card applications, including names, addresses, zip/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Amazon handles Capital One’s cloud database.
No credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, the company said in a statement. Capital One acknowledged the data breach, saying it affected “approximately 100 million individuals in the United States and approximately 6 million in Canada.”
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, chairman and CEO. "I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right."
Federal authorities have arrested former Amazon employee, Paige A. Thompson, over the hack. They said Thompson, who had previously worked for Amazon Web Services, stole the data from the bank’s credit card applications in March, according to Bloomberg. AWS spokesman have confirmed that the company’s cloud had stored the Capital One data that was stolen, and said it wasn’t accessed through a breach or vulnerability in AWS systems.
Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody. "Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate."
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
- About 140,000 Social Security numbers of Capital One credit card customers
- About 80,000 linked bank account numbers of Capital One secured credit card customers