Capital One Financial Corporation announced this week that on July 19, 2019, a hacker gained unauthorized access to the personal information of people who had applied for its credit card products and to Capital One credit card customers.
Capital One says it immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested Paige Thompson, a former engineer, who is accused of downloading more than 100 million U.S. Capital One customers’ personal information. Based on Capital One analysis to date, the company believes it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Approximately 6 million customers in Canada were also affected.
While Capital One contends that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019 was accessed. This includes personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, Thompson also obtained portions of credit card customer data, such as:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, and contact information.
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
Company officials say no bank account numbers or Social Security numbers were compromised, other than about 140,000 Social Security numbers of our credit card customers and approximately 80,000 linked bank account numbers of its secured credit card customers.
For Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.
Capital One says it will notify affected individuals through a variety of channel, and make free credit monitoring and identity protection available to everyone affected.