Massive data breach hits Capital One, affecting more than 100 million customers
Capital One said that personal information of more than 100 million individuals was compromised in a massive data theft.
Capital One said Monday that personal information of more than 100 million individuals, including Social Security numbers and bank accounts, was compromised in a massive data theft that led to the arrest of a Seattle woman.
Paige A. Thompson, 33, a former software engineer, is accused of stealing data from Capital One credit card applications in what is one of the top 10 largest data breaches ever, according to USA TODAY research.
The FBI arrested Thompson on Monday for the theft, which occurred between March 12 and July 17, court records show. Among the data allegedly collected from a company cloud-based server were Social Security and bank account numbers.
Capital One data breach fallout: How to protect yourself
According to the Department of Justice, Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an Aug. 1 hearing. Computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine.
The bank said "the largest category of information" accessed from applicants who applied for credit cards between 2005 and 2019 was personal information including names, addresses, phone numbers, email addresses, dates of birth and self-reported income.
Equifax will pay Americans hit by breach: Take these steps to file claim for $125 or more
About 140,000 Social Security numbers were accessed and 80,000 bank account numbers from credit card customers, Capital One said.
Other data obtained includes credit scores, limits, balances and “fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.”
Capital One said in a news release that “100 million individuals in the United States and approximately 6 million in Canada” were affected. The bank also set up a consumer website about the breach at www.capitalone.com/facts2019.
The breach was discovered July 19, and the company said it “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.”
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Richard Fairbank, Capital One chairman and CEO, said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right."
To prevent criminals from opening bank, utility and phone accounts in your name, you need more than a credit freeze. Here's what to do.
Last week, Equifax reached a deal with the Federal Trade Commission, Consumer Financial Protection Bureau and 50 states on the 2017 breach that affected approximately 147 million Americans.
The deal calls for Equifax to pay at least $575 million, including $300 million for free credit monitoring services, $175 million to states, the District of Columbia and Puerto Rico and $100 million in penalties to the CFPB.
And Monday, the Los Angeles Police Department reported a data breachexposing personal information of thousands of officers and applicants.
Capital One said in the release the incident is expected to cost between $100 to $150 million in 2019. Free credit monitoring and identity protection will be available to everyone affected, the company said.
Equifax settlement 2019: How to protect yourself beyond a credit freeze
Matt Schulz, chief industry analyst at CompareCards.com, said the breach is “yet another reminder of why it is so important to build fraud detection checks into your regular routine.”
He said bank accounts tied to secured credit cards also were compromised.
“These cards are favorites for those who are getting started with credit or who are rebuilding their credit and often have very little financial margin for error,” Schulz said. “There may not be a huge amount of money in these accounts, but it’s very important for cardholders with those accounts to keep as close a watch for fraud as any other type of credit cardholder.”
Follow USA TODAY reporter Kelly Tyko on Twitter: @KellyTyko
— Read on amp.usatoday.com/amp/1863259001