Capital One revealed late Monday that a hacker gained access to personal information from 106 million credit card applicants and customers in the United States and Canada.
The McLean, Va.-based financial services giant said one million Canadian Social Insurance Numbers, 140,000 U.S. Social Security numbers, and 80,000 linked bank account numbers of Capital One customers were compromised in the breach. The FBI Monday arrested Paige Thompson, a 33-year-old former Seattle technology company software engineer, in connection with the incident on charges of computer fraud and abuse. The Wall Street Journal, citing people familiar with the matter, reported Thompson was previously employed by Amazon Web Services.
An AWS spokesperson did not immediately respond to a CRN request for comment.
According to the criminal complaint, Thompson posted on GitHub about her theft of information from the servers storing Capital One data. The intrusion allegedly occurred through a “misconfigured web application firewall that enabled access to the data.”
On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft, a summary of the complaint stated. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI. Investigators, the complaint stated, were able to identify Thompson as the person who was posting about the data theft. This morning agents executed a search warrant at Thompson’s residence and seized electronic storage devices containing a copy of the data.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One Chairman and CEO Richard Fairbank said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."