Capital One, the US’s seventh-largest commercial bank, has become the latest US business to suffer a major data breach in recent years.

At the beginning of this week, the Virginia-based bank announced that the details of more than 100 million US credit card applicants – as well as six million in Canada – had been exposed in a data breach.

The Social Security numbers of around 140,000 credit card customers, along with 80,000 linked bank account numbers, were compromised in the breach.

As well as the credit card application data, the hacker also obtained portions of credit card customer data, including credit scores, credit limits, balances, payment history, contact information and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.

Paige A. Thompson was arrested by the FBI on a charge of computer fraud and abuse over the data breach, which is possibly the largest ever to hit a financial services firm.

Richard D. Fairbank, Capital One’s chairman and chief executive, said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Capital One has said it expects the data breach to cost the business between $100 million and $150 million in the short term. When disclosing the hack, the company emphasised that no credit card numbers or log-in credentials were compromised, nor was the vast majority of Social Security numbers on the affected applications. The bank has said it will offer free credit monitoring services to those customers who have been affected.

Thompson, who goes by the online handle “erratic”, inadvertently flagged herself as the perpetrator to authorities by boasting about her actions online. A criminal complaint filed in federal court said she was suspected of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One”.

On Monday, Thompson’s home was raided by the FBI, which seized her digital devices. Files referencing Capital One and “other entities that may have been targets of attempted or actual network intrusions,” were discovered during the initial search. Having been appointed a public defender, she is to remain in jail pending a detention hearing scheduled for Thursday.

According to the criminal complaint signed by FBI special agent Joel Martini, she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally.”

The complaint also says that one month prior to the breach, a user going by the handle “erratic” sent the bank direct messages warning about sharing sensitive data, including names, birthdays and Social Security numbers.

In one online post, “erratic” wrote: “I’ve basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it,” according to the complaint.

Authorities say that after reading posts allegedly made by Thompson, they came to suspect she “intended to disseminate data stolen from victim entities, starting with Capital One”.

Thompson previously worked at an unidentified cloud computing company that provided data services to Capital One.
