Capital One suffers major United States data breach

Wednesday, 31 Jul, 2019

A massive data breach at Capital One Financial Corporation is impacting more than 100 million people in the US and Canada, the company said in a press release.

However, the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security numbers on the applications.

Monitor your credit: Sign up to monitor your credit for free with Credit Karma or Credit Sesame.

HBC did not immediately respond to requests for comment.

Capital One did not have an immediate response to Reuters questions about its technological vulnerabilities on Tuesday.

Prosecutors say the hack took place between March 12 and July 17.

"I've basically strapped myself with a bomb vest", Thompson wrote in a Twitter Direct Message, according to the criminal complaint.

The FBI raided Thompson's residence Monday and seized digital devices.

Thompson, a former employee of Amazon Web Services, didn't try to hide on the Internet that she was a hacker, the New York Times reported.

"AWS was not compromised in any way and functioned as designed", a company spokesperson said Tuesday. According to the complaint, which you can read here, Thompson - also known by the alias "erratic" - hacked into a misconfigured web application firewall. "As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud".

Another factor that could influence the outcome of the lawsuit is how quickly Capital One notified customers once it became aware of the breach. Although 99 per cent of customers' social insurance numbers were not compromised, 140,000 were still accessed. That user reported the message to Capital One.

Capital One issued a statement about the incident, saying that: "we believe it is unlikely that the information was used for fraud or disseminated by this individual".

The information exposed in the hack was largely linked to consumers and small businesses that applied for Capital One credit card products between 2005 and early 2019, the company said in a news release.

"I am deeply sorry for what has happened", Richard D. Fairbank, Capital One's chief executive officer, said in a statement.

Even with these increased costs, Capital One states that they have cyber security insurance that will cover up to $400 million with a $10 million deductible.

In what's become an all-too-familiar story, Capital One and law enforcement have revealed that personal information of 100 million US customers and 6 million Canadian customers have been compromised.

Equifax, one of three major credit-reporting companies, disclosed in 2017 that a data breach had compromised the personal information, including Social Security numbers, of 143 million Americans.

While Thompson used a VPN and The Onion Router (TOR) exit nodes to hide her activities on S3, she posted files related to the illegal data access on open source code repositories Github and Gitlab using accounts bearing her full name according to FBI investigators.

It believes that the data of everyone who applied between 2005 and 2019 is compromised, which means roughly 100 million people in the U.S., and some six million people from Canada.

The company will also be posting updates for Canadians customers here.

Consumers eligible for the fund must submit claims showing they were fraud victims or set up credit-monitoring services following the breach.