Published on July 30th, 2019 📆 | 4371 Views ⚑0
Hacker swipes personal info on 106 million US, Canadian credit card applicants • DigitalMunition
Developing Capital One says a hacker made off with account details on more than 100 million of its customers in the US and Canada.
A Seattle woman has already been arrested and charged in connection with the hack on a cloud storage bucket containing Capital One information. The woman, Paige Thompson, faces a charge of violating the US Computer Fraud and Abuse Act.
Court filings [PDF] accuse Thompson of entering the cloud repository between March 12 and July 17 and posted the information on her personal Github page - which includes her full name. It is also claimed she bragged about the hack publicly on social media.
Capital One says that the lifted information includes 140,000 social security numbers and 80,000 banked account numbers. Most of the stolen records, however, were comprised of credit card applications, customer credit scores, balances, contact information, payment history, and transaction data for a selection of 23 days from 2016-2018.
Solid password practice on Capital One's site? Don't bank on it
It is believed that the stolen database, said to have been stored in a vulnerable cloud storage bucket, was full of credit card applications filed from between 2005 to early 2019.
In total, 100 million people in the US and six million people in Canada had their records lifted in the attack. Capital One says that it is "unlikely" the information was shared with anyone else before the suspected hacker was arrested.
The FBI did not respond to a request for comment.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One CEO and chairman Richard Fairbank.
"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
This is a developing story – more to follow
MCubed - The ML, AI and Analytics conference from DigitalMunition.