Capital One is a major credit card company used by millions of people in the United States alone. However, a recent turn of events involved over 100 million exposed identities because of the Capital One data breach.
Updated on 23 May 2022
Capital One Data Breach 2019
During the time of March 12 and July 17, data was illegally stolen by a woman in Seattle who broke into the bank’s server from a cloud-computing company. Paige A. Thompson was the culprit behind the Capital One credit card data breach. She was swiftly arrested by the authorities last Monday and appeared in federal court.
Richard D. Fairbank, Capital One’s chief executive officer, apologized to the public for this incident “I sincerely apologize for the understandable worry this incident must be causing those affected.”
In addition to the 100 million in the United States, there were also 6 million customers affected in Canada. The data stolen included over 140,000 Social Security numbers, as well as 80,000 bank account numbers from credit-card customers. The largest category of accessed data was from customers and small businesses that applied for credit cards from 2005 to early 2019. In an article by Bloomberg, they stated that the stolen information included “personal identification data, including names, addresses, phone numbers and dates of birth, and financial data including self-reported income, credit scores, and fragments of the transaction history.”
But it appears that the personal data was still kept under wraps and hadn’t been used yet. “Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” the company wrote. “However, we will continue to investigate.”
How did the Capital One credit card data breach happen?
Capital One contracted a cloud computing company wherein Thompson was also assigned to. The credit card company said that the hacker was a “highly sophisticated individual who was able to exploit a specific configuration vulnerability in our infrastructure.”
The company also said that most (but not all) of the data was encrypted. But because Thompson ad access to the system, she was easily able to decrypt some of the data.
Contrary to how it may seem, Thompson was quite proud of her work and even took to posting about her conquest online. She wrote under the name ‘erratic’ and wrote “I’ve basically strapped myself with a bomb vest, [expletive] dropping capital ones dox and admitting it,” according to the FBI.
She even posted a list of the files she had already taken. “I wanna get it off my server that’s why I’m archiving all of it lol … it’s all encrypted,” she stated in court.
The thing is, Capital One only knew about the breach through an online posting and then reported it to the FBI.
Has Capital One had a data breach?
After being taken to federal court last Monday, Thompson broke down after being charged for a single count of computer fraud. She could possibly be facing a maximum of 5 years in prison and a $250,000 fine for her crime.
Thompson was faced with charges accusing her of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One,” according to court papers. Other stolen information included credit scores, credit limits, balance, as well as payment information. In addition, about a million Canadian Social Insurance numbers were also illegally accessed.