Financial services firm Capital One has suffered a major data breach in the US, with a hacker stealing the details of over 100 million people.
Financial services company Capital One has reportedly been hit with a major data breach in which records pertaining to over 100 million customers were stolen. Capital One has admitted that the attacker stole 140,000 US social security numbers and 80,000 bank account numbers belonging to customers, and that the stolen data affects 100 million US citizens and 6 million people in Canada.
US-based software engineer Paige Thompson has been arrested on suspicion of committing the data theft after she publicly boasted about the hack online. Gizmodo reports that she purportedly posted "I’ve basically strapped myself with a bomb vest, dropping capital ones dox and admitting it" to Slack and posted about the attack on Twitter. She was allegedly able to breach Capital One's retail banking system due to a firewall misconfiguration.
Data stolen includes names, dates of birth, credit scores, account payment histories, contact information, and details of credit applications made by millions of customers, but so far it seems to have been limited to data on US customers. No details have yet emerged of any customers affected in the UK or throughout the EU, so this data breach is unlikely to have any GDPR implications.
Capital One Chairman and CEO Richard D. Fairbank apologised for the breach, saying: "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
Court documents indicated that Thompson is being charged with computer fraud and abuse, and faces a maximum sentence of five years in prison and a fine of US$250,000 if convicted. Capital One believes it unlikely that the information stolen was disseminated or used for financial fraud before Thompson was arrested.
Source: Gizmodo, BBC News, Capital One