The New York Times reports:
A software engineer in Seattle hacked into a server holding customer information for Capital One and obtained the personal data of over 100 million people, federal prosecutors said on Monday, in one of the largest thefts of data from a bank.
The suspect, Paige Thompson, 33, left a trail online for investigators to follow as she boasted about the hacking, according to court documents in Seattle, where she was arrested and charged with one count of computer fraud and abuse.
Ms. Thompson, who formerly worked for Amazon Web Services, which hosted the Capital One database that was breached, was not shy about her work as a hacker. She is listed as the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.”
The Virginia-headquartered bank said in a news release that about 140,000 Social Security numbers of its credit card customers, around 80,000 linked bank account numbers, and one million Canadian Social Insurance numbers were compromised. Additional information including names, addresses, phone numbers, credit scores and credit limits were also exposed. In total, Capital One said, “this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”
Fast Company reports:
So were you affected and how can you find out? Rather unhelpfully, all Capital One is saying right now is that they “will notify affected individuals through a variety of channels.” What these channels may be is anyone’s guess. And given that Capital One has been aware of the hack for a week and a half, it’s disappointing they aren’t being more specific or don’t yet have an online tool in place to allow customers and applicants to check if their data was breached.
But Capital One is saying they will make free credit monitoring and identity protection available to everyone affected—which is pretty standard stuff when any company suffers a major data breach. Capital One also revealed that the data breach is expected to cost the company between $100 million and $150 million in 2019. Those costs are due to customer notifications, legal support, and credit monitoring.