Data theft of 106 million customers at Capital One
US-based Capital One Financial said Monday that personal data from 106 million of its US and Canadian customers had been stolen recently and that the thief, a computer engineer, had been apprehended by the Federal Police (FBI).
This intrusion is one of the biggest computer hacks affecting a major US bank, with Capital One being the fifth issuer of bank credit cards in the United States.
The institution “determined that an outsider had unauthorized access (to his network) and obtained some personal information,” he said in a statement.
This data is from people who “have applied for credit card products or want Capital One credit cards,” the source added.
About 100 million US citizens and nearly 6 million Canadians are affected, the firm said, adding that: “neither credit card account numbers nor information to connect to bank accounts were stolen. And more than 99% of social security numbers have not been compromised. ”
The information obtained illegally belongs to consumers as well as to small businesses that have contacted Capital One between 2005 and early 2019.
They range from names, addresses, postal codes, phone numbers, e-mail addresses, birth dates and declared earnings.
The hacker, who used a flaw in a Capital One cloud computing server, also obtained partial information about credit card holders, such as their payment history or current account balance. .
Five years in prison
For Canadian customers, almost one million insurance numbers have been hacked, says Capital One.
“It is unlikely that the stolen information was used to commit fraud or was disseminated by the individual. However, we will continue to investigate, “says Capital One.
The bank, which says it has plugged the breach on July 19 two days after being informed by a user of the website GitHub, explains that the piracy took place between March 12 and July 17 this year.
The alleged thief would be an American named Paige Thompson, 33 years old. She lives in Seattle, Washington, where she was arrested Monday by the FBI.
It is rare for the authorities to make such a quick arrest in a hacking case.
“Capital One promptly informed the relevant authorities of the theft of data – which allowed the FBI to trace the intruder,” said Brian Moran, the representative of the Justice Department (DoJ) in the state. Washington, in a statement.
According to court documents consulted by AFP, Mrs. Thompson, 33, allegedly used the pseudonym “Erratic” in conversations on social networks and websites to brag about his crime.
In particular, she “declared on social media that she held capital information One, and that she admitted to breaking the law,” according to the FBI’s complaint.
“I trapped myself with an explosive jacket,” she also said according to the FBI.
Ms. Thompson is suspected of “stealing information including requests for bank credit cards and other Capital One materials”.
His arrest comes just days after Equifax, the US credit bureau, was fined up to $ 700 million for stealing data from over 147 million of its customers in 2017.
A court hearing is scheduled for Thursday in Seattle. Paige Thompson faces more than five years in prison and a $ 250,000 fine, according to the DoJ.