Major financial services firm Capital One has announced that it had suffered a data breach affecting around 106 million of its customers. The details of the incident were provided in an official announcement published on Monday, July 29.
According to the press release, the data of 100 million U.S. and 6 million Canadian users was stolen during a hack that targeted Capital One’s financial services. The personal details stolen included names, addresses and phone numbers of the company’s customers. However, the credit card numbers were reportedly not leaked.
The company will notify the customers whose data has been compromised and provide them with free credit monitoring and identity protection. Capital One’s Chairman Richard Fairbank has apologized for the breach.
The alleged hacker, Paige Thompson, who reportedly used to work at Amazon Web Services, used a misconfiguration in Capital One’s web app to gain access to private data via an Amazon server. She then boasted about the attack on Twitter, Slack and Github, which drew the attention of the FBI.
Following the investigation, Thompson was arrested on charges of computer fraud and abuse. She is facing up to five years in prison and a $250,000 fine.
- The number of affected customers makes this case one of the largest hacks in the history of financial institutions. For comparison, in 2017, credit reporting agency Equifax faced a hack that exposed the personal data of nearly 150 million of its customers. Recently, the company agreed to pay a settlement of up to $700 million to the U.S. regulators to compensate the affected people.
- Another major hack took place in 2005, when a U.S.-based payment processing and technology provider Heartland Payment Systems reported a breach affecting 130 million customers. The hacker involved in the leak received a 20-year prison sentence.