MCLEAN, Va. (WRIC) — Capital One, the Virginia-based bank announced Monday that earlier this month ‘an outside person’ obtained information relating to people who had applied to Capital One credit cards.
In a press release, Capital One says the breach of data has affected 100 million individuals in the United States and 6 million in Canada.
According to Capital One, the data breach took place on July 17. An internal investigation led to the discovery of the incident on July 19.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, Chairman and CEO said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Capital One says the information accessed pertained to people who had applied to one of their credit card products from 2005 through early 2019.
The Department of Justice said a Seattle tech worker was arrested for data theft involving large financial services company, Capital One.
33-year-old Paige A. Thompson was arrested and charged for computer fraud and abuse. According to the criminal complaint, Thompson allegedly posted on GitHub about her theft of information from the servers storing Capital One data.
GitHub alerted Capital One, who then called the FBI.
“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” U.S. Attorney Moran said. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”
Computer fraud is punishable by up to five years in prison and a $250,000 fine.
Capital One said the hacker was able to collect the ‘personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.’
The company says they will make free credit monitoring and identity protection available to everyone affected.
The data breach is expected to cost Capital One approximately $100 to $150 million.
Capital One says it will notify all customers affected by the breach in the coming days.