Capital One announced it experienced a data breach affecting more than 100 million credit card applicants. Photo courtesy Tdorante10/Wikimedia Commons
July 29 (UPI) -- Capital One announced Monday that a data breach exposed more than 100 million credit card applications as well as thousands of Social Security and bank account numbers.
The Virginia-based bank announced that on July 19 it determined a hacker gained unauthorized access to its systems and obtained personal information of 100 million credit card applicants and customers in the United States and 6 million in Canada.
In addition to the credit card application data, the individual also obtained credit scores, credit limit balances, payment history, contact information, fragments of transaction data from 23 days between 2016-18, about 140,000 Social Security numbers and 80,000 bank account numbers.
Capital One said about 1 million Canadian Social Insurance numbers also were compromised.
No credit card account numbers or log-in credentials were compromised, Capital One said.
The bank said it immediately fixed the vulnerability that led to the breach and will notify affected individuals in addition to provide them free credit monitoring and identity protection.
The FBI arrested a Seattle woman, Paige A. Thompson, on charges of computer fraud and abuse in relation to the breach, court documents released Monday indicate.
FBI special agent Joe Martini said Thompson posted 700 folders of Capital One customers' data on the software-hosting platform GitHub.
Martini added that Thompson made statements on social media referencing having illegally obtained data from Capital One.
Based on Thompson's posts, the FBI determined she intended to "disseminate data stolen from victim entities, starting with Capital One."
"Although some of the information in those applications (such as Social Security numbers) has been tokenized or encrypted, other information, including applicants' names, addresses, dates of birth and information regarding their credit history, has not been tokenized," the FBI said.
Capital One CEO Richard D. Fairbank issued an apology to customers on behalf of the bank.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what happened," Fairbank said. "I sincerely apologize for the understandable worry this incident must be causing and I am committed to making it right."