Capital One Financial Corp. , the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever data breaches of a big bank.

Paige A. Thompson, 33 years old, was arrested in connection with the hack Monday by federal agents in Seattle, officials said. Ms. Thompson is accused of breaking through a Capital One firewall to access customer data that the bank had stored on Amazon.com Inc.’s cloud service, according to a federal criminal complaint and people familiar with the matter.

The bulk of the exposed data involves information submitted by customers and small businesses that applied for Capital One credit cards between 2005 and early 2019, the bank said, including addresses, dates of birth and self-reported income.

Ms. Thompson is a former employee of Amazon Web Services Inc., according to people familiar with the matter. The criminal complaint says Ms. Thompson’s résumé showed she worked at a cloud-computing company, which the government didn’t name, as a systems engineer from 2015 to 2016.

A spokesman for Amazon didn’t immediately respond to a request for comment.