Capital One announced on Monday that data of over 100 million customers in the US was compromised due to an unauthorized breach. The hacker obtained information related to credit card applicants and customers of Capital One. Though the person responsible for this incident is arrested, the investigation is still in progress. Capital One shares fell 4% in after-hours trading after this announcement.
The firm reported that apart from the US, approximately 6 million individuals in Canada were affected by this incident. The hacker responsible for this occurrence – Paige A. Thompson – was arrested by the FBI on Monday and was charged for computer fraud and abuse in the U.S. District Court in Seattle. Thompson was able to obtain credit card application data (names, addresses, phone numbers, email addresses, dates of birth, and self-reported income of applicants) along with credit card customer data (credit scores, credit limits, balances, payment history, contact information and parts of transaction data).
Capital One also reported that Social Security numbers of around 140,000 credit card customers, linked bank account numbers of about 80,000 customers and, Social Insurance Numbers of around 1 million Canadian customers were compromised in this incident.
The Associated Press reported that the bank was notified regarding the leaked data which was seen on Github by someone two days before the announcement. The purpose of this breach was to use the information gained for fraud. But no such reports of fraud have been recorded yet, the company reported. The firm said that the vulnerability which affected elements of both cloud and on-premise data centers has been fixed immediately.
After this announcement, Capital One’s Chairman and CEO, Richard D. Fairbank said, “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.” He added, “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The incident is supposed to generate incremental costs of approximately $100 to $150 million in 2019 to cover customer notifications, credit monitoring, technology costs, and legal support. The company announced that free credit monitoring and identity protection will be made available for customers affected by this incident.