Capital One reports massive data breach

Thursday, 01 Aug, 2019

Capital One said it could not provide information on several questions posed by The Canadian Press, including how many and which branded credit cards were affected and how many of those had their SIN compromised.

The hacking suspect was arrested Monday. The FBI also believes that Thompson owns a Twitter account which contacted Capital One on July 18 stating that it was in possession of social security numbers. Investigators allege that she posted information related to the intrusion on the code-sharing site GitHub and on social media, which apparently resulted in her quick arrest. The breach went unnoticed by Amazon and Capital One. The agreement includes up to US$425 million in monetary relief to consumers. But it's unclear when that offer will start, and there are other ways people can protect themselves regardless of whether they were affected by this particular data breach.

According to Capital One, the personal details, including names, addresses and phone numbers, of more than 100 million people across the USA and Canada were stolen.

"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right".

Some of Capital One's data was encrypted or tokenized, but some wasn't.

However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised", the company noted.

The company said that hackers also got their hands on transaction data from 23 days between 2016 and 2018.

A copy of the complaint against Thompson is available here. The bank launched into damage control mode almost immediately, pinning the breach on one "highly sophisticated individual" who penetrated the bank's defenses, but emphasizing that "no other instances" of the specific "configuration vulnerability" were found.

Paige Thompson, a 33-year-old transgender woman, has been identified as the hacker behind the widespread Capital One data breach that compromised more than 100 million customers.

"MSU receives hundreds of threats and attacks each day on our system", Michigan State spokeswoman Emily Guerrant said in an email.

Aside from information found on credit card application forms, some credit card customer data was also involved.

This time, it's Capital One and you don't even have to be a customer.

According to the bank, the breach may have occurred in March of this year. Affected Canadians should contact Capital One immediately.

Law enforcement officials were able to track Thompson down as the page she posted on contained her full name as part of its digital address, the complaint said. The McLean, Virginia, company says it immediately notified the Federal Bureau of Investigation. According to a report by the Wall Street Journal, she was a former employee of Amazon Web Services.

Thompson left an online trail including IP addresses linked to a VPN named IPredator - located in Cyprus, according to its website - and postings on online group event service Meetup and instant messaging platform Slack, Martini said.

Erratic listed only filenames in the Slack channel, and not files themselves.

If Capital One does end up settling with consumers, Bartholomew said, it would probably be for less money because the claims likely wouldn't be as egregious.