WASHINGTON – Capital One Financial Corporation of the United States said on Monday that a hacker accessed the details of nearly 100 million credit card applicants and customers in the US and 6 million in Canada.
The statement by Capital One said the “FBI had arrested the person responsible.”
In a separate statement, the US Department of Justice said the FBI arrested the alleged hacker, a former tech company software engineer identified as Paige A Thompson, in Seattle.
A copy of the data was found at her residence.
Thompson was arrested on charges of computer fraud and abuse for an intrusion on the stored Capital One data, which is punishable by up to five years in prison and $250,000 fine, and is set to appear for a bail hearing on Aug. 1.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Chairman and CEO of Capital One, Richard D. Fairbank.
Consumers and small businesses who had applied for credit card products between 2005 and 2019 were affected, according to the bank.
In the majority of the cases, personal information including names, addresses, phone numbers, dates of birth, income and credit history was compromised.
Thompson was able to access social security numbers of 140,000 people in the US and 1 million in Canada as well as linked bank account numbers of 80,000 customers, Capital One said.
According to legal documents, Thompson had posted about her theft on information sharing site GitHub.
A GitHub user saw the post then alerted Capital One on July 17 to the possibility that it had suffered data theft. Capital One contacted the FBI two days later.
Capital One is ranked 10th on the list of largest banks in the country with some $373.6 billion in assets.