PALM BEACH – On July 29, 2019, Capital One Financial Corporation announced they suffered a data security incident in March of this year. An unauthorized individual was able to access the sensitive personal data contained in applications for credit products from 2005 to 2019, which could affect approximately 100 million individuals in the U.S.
The personal information that was accessed included:
- Full names
- Physical addresses
- Phone numbers
- Dates of birth
- Email addresses
- Self-reported income
For some customers, additional information stolen may have included customer status data such as credit scores, credit limits, balances, payment history, and fragments of transaction data. For a small portion of applicants, about 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed.
According to the bank and the FBI, a female suspect named Paige A. Thompson, 33, stole the data from Capital One’s network and has been charged with a single count of computer fraud and abuse.
The Wall Street Journal reported that Thompson is a former employee of Amazon Web Services. Under the username “erratic,” Ms. Thompson boasted online about her alleged theft of the data, which allowed law enforcement to quickly identify her, according to prosecutors.
Capital One chief Richard Fairbank apologized for the incident:
“I am deeply sorry for what has happened,” Fairbank said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
While there is no evidence that the data was used for fraud or shared with anyone else, their investigation is ongoing.