Capital One Financial Corp. said Monday that the personal information — including names, addresses, phone numbers and credit scores — of about 100 million individuals in the United States and six million people in Canada were obtained by a hacker.
About one million social insurance numbers of the company’s Canadian credit card customers were also compromised.
Capital said it became aware of the hack on July 19.
The U.S. Justice Department said Paige Thompson, a former Seattle technology company software engineer, was arrested on Monday on a criminal complaint charging computer fraud and abuse for hacking into Capital One Financial Corp.’s stored data.
About 140,000 social security numbers and 80,000 linked bank account numbers were compromised, Capital One said. The company also said credit card numbers were not affected.
The breach is expected to cost between $100 million US and $150 million in 2019, mainly due to customer notifications, credit monitoring and legal support, Capital One said.
According to the 12-page criminal complaint, the hacker allegedly posted information from her hack on the coding platform GitHub. The hacker was able to gain access to the data through a misconfigured web application firewall, the U.S. attorney’s office said.
A GitHub user alerted Capital One to the potential data theft, who in turn alerted the Federal Bureau of Investigation, according to the DOJ’s statement.
The allegations have not been proven in court. Thompson, 33, made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, according to the statement.
Investigators say Thompson is known by the alias “erratic.”
A representative for the U.S. attorney’s office said it was not immediately clear what the suspect’s motive was.
“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” Capital One said in a statement. “However, we will continue to investigate.”