Culture 3 min read

Millions of Capital One Customers Affected by Data Breach

Image courtesy of Shutterstuck

Image courtesy of Shutterstuck

One of the largest banks in the United States, Capital One, has announced Monday that one of its cloud-based servers had been breached. The hacking incident saw the personal information of over 100 million Capital One customers stolen.

Capital One discovered the breach last July 19th. However, court documents revealed that the data theft might have occurred between March 12th and July 17th.

While the American bank has not disclosed the name of its cloud service provider, court papers mentioned that the stolen information was stored in S3. S3 refers to Amazon Web Services‘ storage software, Simple Storage Service.

A representative for AWS admitted that the data stolen from Capital One was indeed stored in its cloud storage. However, it was not accessed through any vulnerabilities in the AWS system. Instead, the thief was able to penetrate the system through a misconfigured firewall on one of the bank’s applications.

Former AWS Employee Stole Infos of Capital One Customers

On Monday, FBI agents arrested former Amazon Web Services employee Paige A. Thompson in connection with the hacking incident. The 33-year-old tech engineer last worked for Amazon in 2016.

Thompson, who goes by the code name ‘Erratic,’ made her appearance in a Seattle federal court yesterday. Prosecutors charged her with computer fraud and abuse.

Capital One said in a press release that Thompson was able to obtain “personal information relating to people who had applied for its credit card products and to Capital One credit card customers.”

However, the bank believes that Thompson has not used the information she stolen in any fraudulent transactions or has disseminated it.

Capital One CEO, Richard Fairbank, said in a statement:

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

Stolen Information

The information taken from the server includes the collected data of Capital One customers who applied for credit cards from 2005 to 2019. These include:

  • names
  • addresses
  • zip codes
  • phone numbers
  • email addresses
  • birth dates
  • self-reported income

Aside from the credit card application data, Thompson also stole some portions of the credit card customer data, including:

  • Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

While there were no bank accounts compromised in the incident, the hacker took the Social Security numbers of around 140,00 Capital One customers. She also stole about 80,000 linked bank account numbers of secured credit card customers.

Canadian Capital One customers were also affected by the breach, with around 1 million Social Security numbers compromised.

An investigation is still ongoing, and Capital One is cooperating with law enforcement to resolve the case immediately. The bank said that it will notify all affected customers and will offer them free credit monitoring and identity protection.

Read More: Equifax Hacked And Everything You Need To Know About It

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Chelle Fuertes know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.

Comments (0)
Least Recent least recent
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.