Capital One says information of over 100 million individuals in U.S., Canada hacked

Authored by reuters.com and submitted by Traitor_Orange

(Reuters) - Capital One Financial Corp (COF.N) said on Monday that personal information including names and addresses of about 100 million individuals in the United States and 6 million people in Canada were obtained by a hacker who has been arrested.

The suspect, a 33-year-old former Seattle technology company software engineer identified as Paige Thompson, made her initial appearance in U.S. District Court in Seattle on Monday, the U.S. Attorney’s office said.

According to a complaint filed in the District Court for the Western District of Washington at Seattle, Thompson posted information from her hack, which occurred between March 12 and July 17, on coding platform GitHub. Another user saw the post and notified Capital One of the breach.

Law enforcement officials were able to track Thompson down as the page she posted on contained her full name as part of its digital address, the complaint said. Capital One said it identified the hack on July 19.

Related Coverage New York attorney general to probe Capital One data breach

A representative for the U.S. Attorney’s office said it was not immediately clear what the suspect’s motive was.

The incident is expected to cost between $100 million and $150 million in 2019, mainly because of customer notifications, credit monitoring and legal support, Capital One said.

The hacker did not gain access to credit card account numbers, but about 140,000 Social Security numbers and 80,000 linked bank account numbers were compromised, Capital One said. Other personal information accessed included phone numbers and credit scores.

About 1 million social insurance numbers of the company’s Canadian credit card customers were also compromised.

FILE PHOTO: The logo and ticker for Capital One are displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., May 21, 2018. REUTERS/Brendan McDermid

The Capital One hacker was able to gain access to the data through a misconfigured web application firewall, the U.S. Attorney’s office said.

Credit-reporting company Equifax Inc (EFX.N) said last week it would pay up to $700 million to settle claims it broke the law during a 2017 data breach when roughly 147 million people had information, including Social Security numbers and driver’s license data, compromised.

Capital One shares fell 4 percent in late extended trading.

Sarkastik_Madman on July 30th, 2019 at 01:04 UTC »

Capital One's statement:

We will make free credit monitoring and identity protection available to everyone affected.

Perfect timing—the free monitoring they gave me for their last breach is expiring soon.

pm-me-neckbeards on July 29th, 2019 at 23:51 UTC »

Cool maybe I can sign up for another $125 check.

Actual__Wizard on July 29th, 2019 at 23:50 UTC »

Capital said it identified the hack on July 19 and the individual responsible has been arrested by the Federal Bureau of Investigation.

That's great that they got arrested but I think my personal information has been compromised about 7 or 8 times now and we really need to start punishing companies for not keeping our information secure...