Hacking financial holding Capital One led to a leak of 106 million people’s data

American bank Capital One reported a compromise that occurred on March 22-23, 2019.

Because of the hacking, leaked data of more than 100 million Americans and 6 million Canadians, who applied to the bank for a credit card during the period from 2005 to 2019.

As a result, information from these applications, including names, addresses, postal codes, telephone numbers, email addresses, dates of birth, and income data, fell into the hands of third parties.

What is worse, in addition to the abovementioned data from applications, the hacker managed to access some information on credit cards of bank customers, for example, data on credit ratings and limits, balances, payment history, as well as contact information and transaction fragments for 23 days in 2016, 2017 and 2018 years.

Read also: German banks refuse to support authorization by one-time SMS-code

The burglar also gained access to one million Canadian social security numbers, more than 140,000 US social security numbers and 80,000 bank account numbers.

Representatives of the bank explain that in order to penetrate the Capital One network, the criminal took advantage of the “vulnerability in configuration”, which was corrected on July 19, as soon as it became known about the hacking.

“We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected”, — claimed in Capital One.

However, Capital One is sure that the stolen information was not used by fraudsters.

Interestingly, the man who allegedly compromised the bank is already arrested.

Paige A. Thompson
Paige A. Thompson

Law enforcement authorities arrested 33-year-old Seattle resident Paige A. Thompson, aka Erratic, a former employee of Amazon Web Services Inc.

According to an official statement by the Justice Ministry, Thompson mentioned the compromise of Capital One in the comments on GitHub, and used the wrong firewall configuration to penetrate the network. On July 17, 2019, a vigilant user drew attention to the words of Thompson, who informed representatives of the bank about what was happening.

As a result, Thompson was arrested last Monday, and a search was conducted in her house, during which they managed to find “data storage devices containing a copy of information stolen from Capital One”.

“Though am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right”, – said Richard D. Fairbank, Chairman and CEO of Capital One.

Currently, Thompson remains in custody, and she was charged in accordance with the federal law “On Computer Fraud and Abuse.” The specialist faces up to five years in prison and a fine of up to $ 250,000.

About Capital One

Capital One Financial Corporation ( is a financial holding company whose subsidiaries, which include Capital One, N.A., and Capital One Bank (USA), N.A., had $254.5 billion in deposits and $373.6 billion in total assets as of June 30, 2019. Headquartered in McLean, Virginia, Capital One offers a broad spectrum of financial products and services to consumers, small businesses and commercial clients through a variety of channels. Capital One, N.A. has branches located primarily in New York, Louisiana, Texas, Maryland, Virginia, New Jersey and the District of Columbia. A Fortune 500 company, Capital One trades on the New York Stock Exchange under the symbol “COF” and is included in the S&P 100 index.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button