A hacker successfully penetrated sensitive information from Capital One Financial Corp., the fifth-biggest U.S. credit-card issuer. Personal information of over 106 million people has been compromised, making this one of the most massive data breaches of a bank.
Other data that was accessed by the hacker were credit scores, limits, balances and “fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.”
Additionally, the Virginia-headquartered bank said in a news release about 140,000 Social Security numbers of its credit card customers and around 80,000 linked bank account numbers were compromised.
However, the most considerable bulk of information accessed was credit card application data between 2005 and 2009, which included names, addresses, phone numbers, email addresses, dates of birth, and self-reported income.
In total, Capital One said that “100 million individuals in the United States and approximately 6 million in Canada” were affected.
Fortunately, no credit card account numbers or log-in credentials were exposed, and over 99% of Social Security numbers were not affected, according to the bank.
The breach was discovered on July 19, but the hacking occurred on March 22 and 23. The company said it “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.”
Furthermore, Capital One also indicated that it is “unlikely that the information was used for fraud or disseminated by this individual,” but as a safety measure, the company is still investigating.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, Capital One chairman, and CEO said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”
The bank also set up a consumer website about the breach, which you can access here.
The latest proceedings highlight the fact that no institution is safe from the threat of cyberattacks, especially in the digital age, where knowledgable individuals can easily access sensitive private information.
In recent months, the number of cyberattacks involving the highjacking of people’s information has been seen in places such as Baltimore’s government and Florida. In both instances, hackers were able to leverage the need for government systems, which was held captive, to ask for financial return.
Similarly, Baltimore and Florida had easily accessible data centers that hackers were able to breach.
Both foretellings that more advanced preventive measures need to set in place to hinder hackers from easily accessing and waving personal information as a hostage.
In the recent case with the Capital One Bank’s hacking, the FBI has identified Paige A. Thompson, 33, a former software engineer and was arrested on Monday for the theft. Court records show that the act occurred between March 12 and July 17.
The criminal complaint alleged that Thompson posted the stolen data online on information sharing site GitHub and made statements on social media “evidencing the fact that she has information on Capital One, and that she recognizes that she has acted illegally.”
Paige, who lives in Seattle, had previously worked as a tech company software engineer for the cloud hosting company that Capital One was using, the Department of Justice said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.
Furthermore, the DOJ said that Thompson has made an initial appearance in the U.S. District Court in Seattle and is currently detained pending an Aug. 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.
Capital One said in the release that the incident is expected to cost between $100 to $150 million in 2019.
The company will also offer free credit monitoring and identity protection to everyone affected.
As a user, you can start protecting yourself from further damages by freezing your account. It prevents lenders from getting access to your credit report, which is mandatory for the credit card or loan application. It protects you in that the hacker who has stolen your personal information can’t open an account in your name and get access to the funds.
You can also check your credit card statement to make sure there are no fraudulent charges. Normally, this information arrives via mail at the end or start of the month, but these can now be accessed online. If there are discrepancies, you should let your bank know immediately.