US-based bank, Capital One, revealed last night a data breach that exposed data of exposed the data of 106 million credit card applicants including names, phone numbers, addresses, and dates of birth. In addition, 140,000 US social security numbers, 80,000 bank account numbers, and 1 million Canadian social insurance numbers were also stolen.
The bank said while no credit card account numbers or login details were compromised, the lone hacker got hold of credit scores, credit limits, balances, and payment history.
The Federal Bureau of Investigation (FBI) has arrested the hacker, named Paige Thompson, behind the data breach, in Seattle. According to a report by the Wall Street Journal, she was a former employee of the Amazon Web Services.
Thompson got unauthorized access to Capital One’s data on March 22 and 23. She allegedly took advantage of a misconfigured firewall and stole the data. On April 21, she posted the data on her GitHub account, which also had her full name and resume. There’s no evidence as of yet if anyone downloaded the data.
A court document suggests an anonymous source came across the GitHub account and informed the bank through its responsible disclosure program.
The bank said it’ll notify affected customers soon:
We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.
It added that the incident will cost them $100 million to $150 million in 2019.
Even if you’re not affected by the breach, you should consider enabling two-factor authentication for your transactions to be on the safer side.