A Seattle woman, Paige A. Thompson, was charged this week in connection with the Capital One data theft impacting 106 million people. Both United States and Canadian customers were hit in this hack. According to Capital One, the breach occurred in March when the systems engineer exploited their systems.
Capital One first learned of the hack, when they received a tip on July 17 about the theft. The tip alerted them, that some of the leaked data was being stored on Github, an opensource software development platform. The suspicious account had the username, ‘Netcrave’, which had an attached resume with Thompson’s name.
The tip stated:
“There appears to be some leaked s3 data of yours in someone’s github / gist”
Thompson downloaded about 30 GB of data from a rented cloud data server. This data relates to credit card applications and Capital One credit card customers. A majority of stolen data involved consumers and small business who applied for credit card between 2005 and early 2019.
The stolen information comprises of personal information such as names, addresses, zip codes, phone numbers, email address, date of birth, and self-reported income. Further, segments of credit scores, credit limits, balances, payment history, and contact information were taken.
Additionally, about 140,000 social security numbers and 80,000 bank account number of US customers were stolen. About 1 million Social Insurance Numbers of Canadian credit customers was impacted as well.
While the hacker has been arrested and charged, Capital One is still conducting its investigation. It is unknown, how and if the stolen data was used.
Richard D. Fairbank, Chairman and CEO, of Capital One commented on the breach saying:
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened…I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Capital One will be notifying anyone who was affected. They will be providing free credit monitoring and identity protection everyone impacted. It is important that those affected in the breach take advantage of these services. Security experts also recommend that capital one customers monitor their banking activity for any suspicious activity. Further, passwords for all accounts should be changed.
Contact LIFARS immediately if your organization was hit with a data breach