Hacker stole 106 Million total number of Credit Card users detail including 100 million in United States and 6 Million in Canada, the Capital One confirmed Today.
Capital One Financial Corporation is a bank holding company specializing in credit cards, auto loans, banking and savings accounts headquartered in McLean, Virginia. Capital One is ranked 10th on the list of largest banks in the United States by assets.
The FBI has arrested the hacker named Paige A.Thompson on Monday.
According to Capital One, the data breached including Name, address and phone numbers of its users.
But she did not gain the access to credit card account numbers as said by Capital one.
In the Press Release the firm said,
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
How many Customer Services Breached in the Incident?
No bank account numbers or Social Security numbers were compromised, other than:
- About 140,000 Social Security numbers of our credit card customers
- About 80,000 linked bank account numbers of our secured credit card customers
- Also compromised some customers’ names, addresses, dates of birth, credit scores, credit limits, balances, payment history, and contact information.
When it happened?
On 19 July, 2019, the firm determined that there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for credit card products and Capital One credit card customers. This occurred on March 22 and 23, 2019.
What was the vulnerability?
Capital One believe that a highly sophisticated individual was able to exploit a specific configuration vulnerability in our infrastructure. When this was discovered, they immediately addressed the configuration vulnerability and verified there are no other instances in their environment.
Among other things, they also augmented, routine automated scanning to look for this issue on a continuous basis.
Capital One is expecting the incident to generate incremental costs of approximately $100 to $150 million in 2019. Expected costs are largely driven by customer notifications, credit monitoring, technology costs, and legal support. And also expect to accrue the costs for customer notification and credit monitoring in 2019.
What will charges to Hacker?
On Monday, the FBI have arrested the cyber criminal Thompson. She allegedly used the anonymity network Tor and VPN while breaching the Capital One. She seemed confident that she would protect her identity, but failed.
“Under optimal conditions, in principle tools like Tor can isolate your footprints,” says Kenn White, director of the Open Crypto Audit Project. “The problem is nothing is really useful in isolation. People use social media, they use familiar, known handles. It is very hard to compartmentalize your life online, and it only takes one mistake to be caught, particularly for crimes of this magnitude.”
Thompson next hearing will be scheduled in U.S. District Court on 1 August, 2019. She has charged with computer fraud and abuse, which carries up to five years in prison and a $250,000 fine.