Capital One said data from about 100 million people in the US was illegally accessed after prosecutors accused a Seattle woman identified by Amazon.com Inc.as one of its former cloud service employees of breaking into the bank's server. Capital One credit card applications include the option for consumers to provide their social insurance number, but only some applicants choose to provide it.
Paige A. Thompson, 33, is charged with computer fraud and abuse in a criminal case filed Monday in federal court in Seattle.
"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right". Only last week Equifax, the credit reporting company, announced a $700 million settlement over its own 2017 data breach that impacted half of the US population.
It didn't take Capital One long to figure out who had accessed its files. On Monday, it announced that about 100 million people in the USA had been impacted by the breach, and another 6 million in Canada. Several hours later, Capital One put out a statement acknowledging the breach and explaining how it's expected to impact the McLean, Va. -based banking giant. The FBI also believes that Thompson owns a Twitter account which contacted Capital One on July 18 stating that it was in possession of social security numbers.
Approximately 100 million people in the United States and 6 million in Canada were affected, Capital One said.
Other victims had names, addresses, phone numbers, email addresses, birthdates, credit scores, and self-reported incomes stolen - all information supplied by customers and small businesses who applied for Capital One credit cards between 2005 and 2019. All those impacted will also receive free credit monitoring and identity theft insurance, including Canadians, a Costco Canada spokeswoman confirmed.
Monitor your account activity by taking Capital One up on its offer for free credit monitoring and identity protection - this information should be provided in the alert message, but feel free to reach out to Capital One if it's not.
As evidence of this alleged negligence, the lawsuit claims that Capital One had "ample warnings of weaknesses and risks to its systems" stemming from multiple past security breaches.
Thompson reportedly accessed 88,000 credit card accounts, 140,000 social security numbers, and other sensitive data. "Thompson meant to disseminate data stolen from victim entities, starting with Capital One".
"It is becoming far too commonplace", she said in a statement, "that financial institutions are susceptible to hacks, begging the questions: Why do these breaches continue to take place?"
According to the complaint, the Federal Bureau of Investigation searched a bedroom believed to belong to Thompson and seized "numerous digital devices".
That would indicate that Thompson formerly worked for Amazon, although searches for her resume weren't immediately successful. The hacker faces up to five years in prison and a $250,000 fine.