A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a Seattle woman as a suspect in the case.Here is a look at what was and was not breached, according to Capital One.
When was it found?
Capital One said it determined on July 19 that there was "unauthorized access" by someone on the outside.
What was accessed?
- 140,000 Social Security numbers of Capital One credit card customers.
- 80,000 linked bank account numbers of Capital One credit card customers
- 1 million Social Insurance Numbers of Canadian Capital One customers.
- Information on consumers and small businesses when they applied for a credit card between 2005 and 2019. This could include names, birth dates, self-reported income, addresses, zip codes, phone numbers and email addresses.
- Some customer credit scores, credit limits, balances and payment history were also compromised, along with some transaction data from a total of 23 days between 2016-2018
Has anyone used the stolen information?
The company says it does not believe the information has been used in a fraudulent way, but it is continuing its investigation
What is Capital One doing in the aftermath?
The company says it is offering free credit monitoring and identity protection to all those whose information was accessed. The company also says it immediately fixed the "vulnerability" that allowed someone to gain access.
Who is the suspect?
Paige A. Thompson was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. She allegedly goes by the handle "erratic."
According to the FBI complaint, someone emailed Capital One on July 17 notifying it that leaked data had appeared on the code-hosting site GitHub, which is owned by Microsoft.
And a month before that, the FBI said, a Twitter user who went by "erratic" sent another user direct messages warning about distributing the bank's data, including names, birthdates and Social Security numbers. That user later reported the message to Capital One.
"Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it," one said. "I wanna distribute those buckets i think first."