US bank giant data breach affects over 100m users

The fifth-biggest credit card issuer in the US Capital One said Monday that the personal information of more than 100 million customers was compromised during a massive data breach by a hacker.

"Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada," Capital One said in a statement.

Some critical personal information, including the Social Security numbers of about 140,000 credit card customers, about 80,000 linked bank account numbers of secured credit card customers and about 1 million social insurance numbers of the bank's Canadian credit card users, was compromised.

The credit card application information of consumers and small businesses from 2005 through early 2019 was the largest category of information breached by the hacker, which includes names, addresses, zip codes or postal codes, phone numbers, email addresses, dates of birth, and self-reported income.

Other personal information, including credit scores, credit limits, balances, payment history, contact information and fragments of transaction data, was also compromised, said the bank.

Even though the scale of the breach is quite astonishing, the Virginia-based bank said "no credit card account numbers or log-in credentials were compromised" and "over 99 percent of Social Security numbers were not compromised" based on its investigation.

Paige Thompson, a 33-year-old former software engineer, was arrested in connection with the massive data breach, the U.S. Department of Justice said Monday.

The bank has "immediately fixed the configuration vulnerability" Thompson exploited, and promises to notify customers affected and provide them with free credit monitoring and identity protection, according to the statement.

"I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right," said Richard D. Fairbank, CEO of Capital One.

The breach could have a negative impact on Capital One's financial performance.

The incident is expected to generate incremental costs of approximately 100 to 150 million U.S. dollars in 2019, mostly driven by "customer notifications, credit monitoring, technology costs and legal support," said the bank.


Similar articles

  • Facebook's Libra abandoned by major payment companies

    Facebook's Libra abandoned by major payment companies

    Facebook’s efforts to establish a global digital currency called Libra suffered severe setbacks on Friday, as major payment companies including Mastercard and Visa Inc quit the group behind the project, news wires reported. The two companies announced they would leave the association, as did EBay, Stripe and Latin American payments company Mercado Pago.

  • Global regulators to question Libra, as EU concerns rise

    Global regulators to question Libra, as EU concerns rise

    Global regulators will question Facebook on Monday about its Libra cryptocurrency, amid concerns from European Union governments over the threat the digital currency poses to financial stability, news wires reported, citing the Financial Times. Officials from 26 central banks, including the US Federal Reserve and the Bank of England, will meet with representatives of Libra in Basel on Monday. Libra’s founders have also been invited to answer key questions about the currency’s scope and design, FT said.