Home / IT / Telecom / Tech/ Capital One data breach hits over 100 million credit card applications

Capital One data breach hits over 100 million credit card applications


Comments / {{hitsCtrl.values.hits}} Views / Thursday, 1 August 2019 00:00


Los Angeles, AFP: A hacker accessed more than 100 million credit card applications with US financial heavyweight Capital One, the firm said on Monday, in one of the biggest data thefts to hit a financial services company. 

FBI agents arrested Paige Thompson, 33, a former Seattle technology company software engineer, after she boasted about the data theft on the information sharing site GitHub, authorities said. 

“The intrusion occurred through a misconfigured web application firewall that enabled access to the data,” a statement by the US attorney’s office in the northwest state of Washington said. 

“On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft.” It said the Virginia-based bank that specialises in credit cards contacted the FBI after confirming the data theft, which took place between March 12 and July 17 of this year. 

“According to Capital One, the data includes data regarding large numbers of (credit card) applications, likely tens of millions of applications,” according to the criminal complaint. 

In a statement, Capital One said the hack affected 100 million individuals in the United States and six million in Canada. 

“Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of social security numbers were not compromised,” the bank said. Thompson, who used the alias “erratic” in online conversations, allegedly posted several times about the theft on GitHub and on social media. 

One posting on a Twitter account with the user name “erratic” read: “I’ve basically strapped myself with a bomb vest, fucking dropping capital ones dox and admitting it,” according to the complaint. 

Authorities said electronic storage devices containing a copy of the stolen data were allegedly recovered at her residence on Monday. 

Capital One said some of the information in the applications stolen, such as social security numbers, is encrypted or tokenised. Other information including names, addresses, dates of birth and credit card history was not secured. 

The company said it expects the breach to cost between $100 to $150 million in 2019. It added that free credit monitoring and identity protection would be made available to anyone affected. 

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard Fairbank, the company’s chairman and CEO, said in a statement. “I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”  Thompson faces up to five years in prison and a $250,000 fine if convicted on the charge of computer fraud. 

She was ordered held in jail Monday pending a detention hearing later this week. 

News of the Capital One breach comes after US credit monitoring agency Equifax last week agreed to pay up to $700 million to settle a similar incident that hit the company in 2017, affecting nearly 150 million customers. 

The penalty was the biggest ever in a data breach case and followed revelations that hackers had stolen the personal details of millions, including names, dates of birth and social security numbers.


Share This Article

Facebook Twitter


DISCLAIMER:

1. All comments will be moderated by the Daily FT Web Editor.

2. Comments that are abusive, obscene, incendiary, defamatory or irrelevant will not be published.

3. We may remove hyperlinks within comments.

4. Kindly use a genuine email ID and provide your name.

5. Spamming the comments section under different user names may result in being blacklisted.

COMMENTS

Today's Columnists

Withering of expectations and prospects of new ones

Friday, 21 February 2020

The election of Gotabaya Rajapaksa as President at the last Presidential Election can be said to have been the ultimate wish of the majority of Sinhala Buddhist people. Yet, the people were not aware that the President they were electing does not hav


Upsurge of populism

Friday, 21 February 2020

“Populism: denies the pluralism of contemporary societies. It promotes hostility to “enemies” and flirts with violence. It is generally gripped by a territorial mentality that prioritises borders and nation states against ‘foreigners’ and


Diplomatic drone strike, Indo-Lanka equation and constitutional change

Thursday, 20 February 2020

The ‘diplomatic drone strike’, the dramatic US strictures against the Army Commander, Lt. Gen. Shavendra Silva, tells us that Big Brother IS watching. This isn’t the usual suspects, its way out of their league. This is the Big League, the big b


Solar and wind power can resolve electricity crisis, early and cheaper, if allowed

Thursday, 20 February 2020

The country is facing the worst power situation in the history, with electricity generation being unable to meet the demand, with generation costs among the most expensive in the world. With the current scenario, the country cannot be expected to com


Columnists More