Capitol One says a concerning data breach left at least 100 million Americans and 6 million Canadians’ personal information — including customer accounts and credit card applications — exposed.
The bank, headquartered in McLean, Virginia, learned of the hack earlier this month and revealed the incident occurred on March 22 and 23 of this year, according to a press release.
Upon discovering the breach, Capital One explained they “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” the press release states.
It is believed that exposed information was not used for fraud or “disseminated” by the hacker.
However, the breach remains under investigation.
The bank explained in the release that “the largest category of information accessed was information on consumer and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
According to the release, about 140,000 social security numbers of Capital One credit card customers were compromised as well as 80,000 linked bank account numbers of secured credit card customers.
In wake of the news, Capital One shared that they are notifying all of the affected individuals and “will make free credit monitoring and identity protection available to everyone affected.”
RELATED: Texas Woman Who Embezzled $1.2M From Job Kills herself in Walmart Parking Lot Hours Before Sentencing
Capital One revealed the hacker responsible has been arrested by the FBI and remains in custody.
The US Department of Justice identified the alleged hacker as a Seattle woman named Paige A. Thompson.
Prior to the incident, Thompson, 33, worked as a technology company software engineer, the US Department of Justice said in a press release. She was arrested on Monday.
According to the US Department of Justice, Thompson announced what she had done on the information sharing site GitHub.
“The intrusion occurred through a misconfigured web application firewall that enabled access to the data,” the US Department of Justice said.
Seattle Tech Worker arrested for data theft involving large financial services company — Used knowledge of servers and cloud storage to steal data from millions of credit applications https://t.co/IHy1zPiTW0
— WDWAnews (@WDWAnews) July 29, 2019
“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” US Attorney Moran said. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”
Agents searched Thompson’s home on Monday and seized electronic storage devices containing copies of the data.
She appeared in court in Seattle on Monday and will be detained pending a hearing on August 1.
An attorney for Thompson could not immediately be found.
According to the US Department of Justice, computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine.
Capital One Chairman and CEO Richard D. Fairbank has since spoken out about the incident.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” he said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”