One of the United States’ biggest financial corporations has exposed the personal and financial data of a huge number of customers in a massive data breach.
Capital One reported on Monday that 140,000 Social Security numbers from its credit card customers, 80,000 linked bank account details and 1 million Canadian Social Insurance numbers had been exposed. In a statement, the company has said that “this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”
Phone numbers, credit scores, credit limits, and names and addresses were also left unprotected in the breach, which is thought to have happened on the 22nd and 23rd of March this year.
However, log-in details and credit card numbers were kept safe and the bank has said that 99% of Social Security numbers were not affected.
It is thought that the data hack will cost the bank $100 million to $150 million.
A suspect is charged
Paige A. Thompson revealed herself as having some involvement when she shared the stolen information on the software development site GitHub.
The suspect was arrested and charged with computer fraud and abuse. Authorities have said that the arrestee was working online under the name “erratic” and was investigated for “exfiltrating and stealing information, including credit card applications and other documents, from Capital One.”
In the statement, Richard D. Fairbank, chairman and CEO of Capital One, said, “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened… I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Discovering the breach
Although the company said it spotted the breach earlier this month, Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has expressed concern over how long it took the bank to realize that the hack had happened. He said, “Given Capital One’s [comparatively] immense capacity to invest into cybersecurity and the allegedly trivial nature of the vulnerability, such protracted detection timeline is incomprehensibly huge.”
He also advised: “Victims should now carefully monitor their credit scores and be extremely cautious about any abnormal activities with their accounts. If the data was stolen and sold, we may expect a wave of sophisticated spear-phishing.”