Capital One Financial Corporation (NYSE: COF) announced on July 19, 2019, that there was unauthorized access by an outside individual who gathered specific types of personal information. An external security researcher alerted Capital One of the vulnerability through their Responsible Disclosure Program on July 17, 2019, in which they conducted their own internal investigation leading to the arrest of a woman from Seattle, Washington.
People affected by the Capital One breach are those who applied for credit card products and Capital One credit card customers. Information obtained by the hacker in the Capital One data breach includes social security numbers, bank account numbers, and more:
- Credit scores, credit limits, and balances.
- Transaction data from a total of 23 days during 2016, 2017, and 2018.
- 140,000 Social Security numbers (USA)
- 1 million Social Insurance Numbers (Canda)
- 80,000 linked bank account numbers or credit card customers.
Of the information stolen, no credit card numbers or log-in credentials were compromised.
Capital One claims that they immediately fixed the vulnerability on their end and began to work alongside federal law enforcement. Capital One then claims that the FBI arrested a woman they believe is responsible for the hack.
Capital One further states that they believe it is unlikely that the stolen information was used unlawfully or shared by the individual; however, they will continue to investigate.
Chairman and CEO Richard D. Fairbank said of the breach that he is “grateful that the perpetrator has been caught” and apologized for the fiasco that is causing harm to Capital One customers and people who applied for a credit card. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” he said.
According to ongoing analysis, the Capital One breach has affected nearly 100 million people in the United States of America and 6 million people in Canada.
The largest group of people affected by the Capital One breach are consumers and businesses who applied for one or more of their credit card products from 2005 to early 2019. Capital One claims that they routinely collect information when they receive credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and income.
Capital One says that they will notify those affected by the data breach through numerous channels and that they will make free credit monitoring and identity protection available to everyone affected.
For more information about the Capital One breach, visit www.capitalone.com/facts2019. In Canada, information about the Capital One breach can be found at www.capitalone.ca/facts2019 and www.capitalone.ca/facts2019/fr.