SEATTLE — On the heels of last week’s agreement by Equifax to pay at least $700 million to settle lawsuits over a 2017 customer data breach, including up to $425 million in monetary relief to consumers, comes Monday’s announcement that a hacker gained access to personal information from more than 100 million Capital One credit applications.
Federal authorities arrested 33-year-old Paige A. Thompson of Seattle, who goes by the handle “erratic”, and charged her with a single count of computer fraud and abuse.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.
Capital One said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
According to the FBI complaint, someone emailed the bank two days before that notifying it that leaked data had appeared on the code-hosting site GitHub, which is owned by Microsoft.
Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the U.S. and 6 million in Canada.
The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Capital One CEO Richard D. Fairbank. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”