An American hacker has been arrested after obtaining the personal information of over 100 million people — including 6 million Canadians — from Capital One Financial Corporation.
According to Capital One, a financial group that offers Mastercard credit card services in Canada, the security breach occurred on July 19th, and the hacker was arrested ten days later on July 29th by the FBI.
In total, authorities believe that the hacker, 33-year-old Paige A. Thompson, managed to obtain the personal information of approximately 100 million Americans and roughly 6 million Canadians.
Capital One believes that Thompson was able to access information on consumers and small businesses that applied for a credit card between 2005 and early 2019. The data includes information that Capital One routinely collects when it receives a credit card application, such as names, addresses, zip/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
The financial group also believes that Thompson obtained portions of customer data, including credit scores, credit limits, balances and payment history.
Lastly, the hacker gained access to approximately 1 million Canadian Social Insurance Numbers, 140,000 American Social Security numbers, and 80,000 bank account numbers linked to credit card customers.
Accounts and log-in credentials safe
Capital One stresses that they do not believe that the information obtained was used for fraud or disseminated to others before Thompson was arrested, and that no credit card account numbers or log-in credentials were compromised. In total, 99% of the Social Security numbers recorded by the financial group were unaffected.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO of Capital One, in a statement.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Following the security breach, Capital One promised to notify every customer affected by the hack and to launch a free credit card monitoring and identity protection program.
Details released by the FBI
According to the Federal Bureau of Investigation (FBI), the hacker was a former software engineer at a Seattle technology company who posted online about her theft of information.
Thompson allegedly boasted about her Capital One breach on the software website GitHub. Investigators say that another GitHub user alerted Capital One to Thompson’s posts, and after confirming that data had been stolen, the financial group contacted the FBI.
On Monday, July 29th, authorities arrested Thompson, who then appeared in U.S. District Court in Seattle. She is now being held in custody until her next hearing on August 1st, 2019.
Investigators believe that Thompson was able to access Capital One data through a “misconfigured web application firewall”.
“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” said U.S. Attorney Moran in a statement.
“I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”
Thompson is facing charges of Computer Fraud and Abuse, which is punishable by up to five years in prison and a $250,000 fine in the US.