Capital One reveals 100m customer data hack

Capital One has confirmed that it was the victim of a hack involving the data of around 100 million individuals in the US and six million in Canada.

The US financial services giant announced that the hack, which was discovered on 19 July, involved “unauthorised access by an outside individual who obtained certain types of personal information” relating to people who had applied for its credit card products and to Capital One credit card customers.

A 33-year-old former software engineer, Paige Thompson, has been identified as the alleged hacker. Thompson appeared in US District Court in Seattle on Monday, according to the US attorney’s office.

The hack, which was able to decrypt encrypted data sets, occurred on 22 and 23 March, Capital One said.

Richard D. Fairbank, chairman and chief executive of Capital One, said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

The company underlined that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.

However, personal information including names and addresses, dates of birth and self-reported income had been left exposed by the hack.

Beyond the credit card application data, the individual also obtained portions of credit card customer data, including customer status data such as credit scores, credit limits, balances, payment history and contact information.

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of the company's credit card products from 2005 through early 2019.

Approximately one million Social Insurance Numbers belonging to customers in Canada were compromised in the incident, the company said.

The company expects the incident to generate incremental costs of approximately $100 to $150 million in 2019, mainly for customer notifications and communications, credit monitoring, technology costs and legal support.

A statement read: “Safeguarding our customers' information is essential to our mission and our role as a financial institution. We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses.”

Sam Curry, chief security officer at Cybereason, said: “For all intents and purposes, it looks like Capital One had some good security practices in place, as evidenced by tokenisation of data shown so far.

“As a positive, the FBI made an arrest quickly and there is a chance to minimise the damage. Normally, it's months, years or never in terms of arrests and accountability of the criminals – finding things sooner in the lifecycle always limits the impact and damage to the innocent.”
