A 33-year-old woman hacker broke into over 100 million customers’ personal data in a massive breach at the financial giant and credit card issuer Capital One, exposing credit scores, balances, income information and Social Security numbers.
Paige A. Thompson, who goes by the handle “erratic,” was arrested and was scheduled for a detention hearing on Thursday, according to a report in npr.org on Monday.
Virginia-based Capital One, the seventh-largest bank in the US, acknowledged the breach.
The actual crime occurred on March 22-23 this year and for as many as 140,000 individuals, the exposure included Social Security Numbers while for 80,000, their linked bank account numbers as well, said Capital One which is a major credit card issuer in the US and also operates retail banks.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.
“The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate,” the company said in a statement late Monday.
The data leak affected approximately 100 million individuals in the US and approximately 6 million in Canada.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman, and CEO, Capital One.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
However, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised, claimed the company.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the infrastructure.
Some of the information was also posted on the Microsoft-owned software development platform GitHub.
In yet another similar case, credit bureau Equifax agreed to pay $700 million to consumers in connection with a similar breach that occurred two years ago.