Capital One Discloses Data Breach of 100 Million Credit Card Applications

News Capital One Data Breach Featured

Millions of people are reaching some financial relief, albeit limited, with the Equifax settlement that was reached last week. If you suffered a loss or spent money trying to protect your credit after your information was stolen, you’re getting something, even if it’s just a $125 check.

Yet, just days later, the news hit that there’s now been another data breach. This time it affects potential users of Capital One credit cards. You don’t even have to use one to be affected, as the data breach affected around100 million credit card applications.

Capital One Data Breach

You recorded on the credit card application all that personally identifiable information about you as the bank needs it to check your credit score and to also determine whether it’s financially wise to issue you a credit card. But now a hacker has your information from that application.

The FBI arrested Paige A. Thompson from the Settle area and charged her with computer fraud and abuse, according to court records. She is accused of accessing around 100 million credit card applications and taking Social Security numbers and bank account numbers.

While the Equifax data breach affected 147 million people, this breach is reaching similar numbers, making it one of the largest data breaches ever. Equifax last week reached a $700 million settlement over their breach.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Capital One’s chairman and chief executive, Richard D. Fairbank.

“I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

Capital One tried to reassure people and let them know not all information was stolen. No credit card numbers or log-in credentials were compromised, and most of the Social Security numbers weren’t either.

Thompson was arrested quickly in this case, mostly because she made the mistake of bragging about her windfall online with the username of “erratic.”

News Capital One Data Breach Woman

She “made statements on social media for evidencing the fact that she has information of Capital One and that she recognizes that she has acted illegally,” said FBI special agent Joel Martini in a criminal complaint.

Thompson wrote in one post, “I’ve basically strapped myself with a bomb vest, [expletive] dropped capitol ones [sic] dox and admitting it.”

According to court records, Thompson is suspected of “exfiltrating and stealing information, included credit card applications and other documents, from Capital One.” She was ordered to remain in jail until at least her detention hearing with is scheduled for Thursday, August 1.

The FBI complaint said that while some of the information, such as Social Security numbers, on the applications “has been tokenized or encrypted,” other information, including names, addresses, birth dates and credit history information has not been tokenized. The bank believes the data includes “likely tens of millions of applications and approximately 77,000 bank account numbers.”

On July 17 Capital One learned a person in an online discussion group was claiming to have taken large amounts of data from the company. Once the bank investigated, they were able to confirm the breach.

Using the Slack messaging service, Thompson listed the files she claimed she possessed. She followed this by saying, “I wanna get it off my server that’s why I’m archiving all of it … its all encrypted.”

Previously, she worked at a cloud computing company that provided data services to Capital One. The FBI suspects she “intended to disseminate data stolen from victim entities, starting with Capital One.”

Little to No Protection

It’s easy to feel there is little to no protection. Banks provide a lot of security, helping out the little guys who don’t have the technical known-ho to do so. Yet still, they are open to being hacked just as anyone else is. And $125 doesn’t seem like it will be enough to fix the wrong here, just like it wasn’t in the Equifax case either.

Do you feel more vulnerable now? Are you a Capital One client, or have you applied for one of their credit cards in the past? Let us know in the comments below.

5 comments

  1. I have a Capital One card what’s next in this soap opera

    1. “I have a Capital One card what’s next in this soap opera”
      Now the hackers know the answer to the question of “What’s in YOUR wallet?” :-)

      1. Now the hackers know the answer to the question of “What’s in YOUR wallet?” :-)

        You never heard of one time passwords? Almost every shady person in Cancun has my credit card details. Yet to receive any “alerts”.

        1. If you’ve read the article, you would know that the data was stolen from Capital One database, NOT from individual credit cards. One time password, 2FA and any other method of personal security would not have made one bit of difference. It was an inside hob by a disgruntled employee, something the customers have no way of preventing or defending against.

          1. All right, I’ll admit this once you’re right.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.