A Capital One data breach compromised information from 100 million US customers, the company said in a statement.
The breach also affected an estimated 6 million Canadian customers. Personal data stolen includes names, addresses, email addresses, self-reported income, and more. Account data stolen includes balances, payment history, and credit limits. In addition, the breach also exposed highly sensitive information including US Social Security numbers and Canadian Social Insurance Numbers.
The majority of data stolen comes from customers who applied for Capital One credit cards between 2005 and the beginning of 2019. Capital One cited a configuration vulnerability, now closed, as the reason for the breach. In addition, it stated the FBI arrested the person responsible.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” the statement said. “The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.”
Ultimately, the incident shows that business continue to struggle with fraud prevention.
Capital One Offers Free Credit Monitoring and Identity Protection
Capital One Chairman and CEO Richard D. Fairbank apologized to customers for the breach. He also stated the company will notify affected customers. In addition, it will offer customers free credit monitoring and identity protection.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Fairbank said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Capital One set up websites in both English and French for customers that wish to know more about the investigation. This includes updates on the safety of their data, as well as company steps to mitigate the damage and help those affected.
“Safeguarding our customers’ information is essential to our mission and our role as a financial institution,” the statement said. We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses.”