Capital One hit by major data breach

capital one
(Image credit:

Capital One has revealed it suffered a major data breach that left the data of millions of customers at risk.

The financial giant said that around 106 million customers in the US and Canada may have had their personal details stolen in the attack, with information such as names, addresses and phone numbers all at risk.

However credit card details and numbers were not hit in the attack, the company said., with log-in credentials also unaffected.

'Deeply sorry'

Capital One announced the news following the arrest of the alleged hacker by the US Justice Department, which confirmed Paige Thompson, a 33-year-old former Seattle technology company software engineer, had appeared in court earlier today.

Thompson was reported to police by a GitHub forum users after she apparently boasted of the attack online. If convicted, she faces the possibility of up to five years in prison and a $250,000 fine.

The hack itself was reported on July 17th, with the hacker apparently able to exploit a "specific configuration vulnerability" in the company's infrastructure, Capital One said.

In total, Capital One believes the breach affected approximately 100 million individuals in the US, as well as six million more in Canada. 

Around 140,000 US social security numbers and 80,000 linked bank account numbers are thought to be compromised, with about one million social insurance numbers belonging to Canadian credit card customers also affected.

Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One Chairman Richard Fairbank said in a statement.

"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right."

The company says it will notify those affected and will provide free credit monitoring and identity protection.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.