Capital One, the US bank, said on Monday that it had suffered a massive data breach, reporting that an outside hacker obtained the personal data of more than 100m customers and applicants for its credit cards.
About 100m individuals based in the US and 6m in Canada had their information compromised in the breach, according to a statement by Capital One, which is among the top credit card issuers in America.
The breach took place in late March but was not discovered until this month, the company said, adding that it would notify those affected and make “free credit monitoring and identity protection” available to them.
The alleged hacker, Paige Thompson, was arrested on Monday and appeared in court in Seattle, according to court records. Prosecutors have moved to keep her in jail ahead of her trial. She was charged with one count of computer fraud and abuse.
Ms Thompson worked as a systems engineer at an unnamed cloud computing company from 2015 to 2016, according to an FBI affidavit filed in her case. Her online resume said she worked at Amazon Web Services from May 2015 to September 2016. Amazon Web Services declined to comment.
The data theft revelations come just days after the credit reporting agency Equifax agreed to pay almost $800m in a record US settlement after a 2017 hack that exposed the personal data of close to 150m people.
In the case of Capital One, the hacker largely tapped the personal information of consumers and small businesses that applied for credit card products between 2005 and 2019, collecting names, addresses and phone numbers, self-reported income, credit scores and payment history, among other personal information.
About 1.1m Canadian social insurance and US social security numbers* and 80,000 linked bank
account numbers were also accessed, Capital One said.
