Capital One, a Virginia-based bank with a popular credit card business, announced on Monday that a hacker had done so. The FBI has a Seattle-based woman, Paige A. Thompson, for computer fraud and abuse arrested to court records.
The hack seems to be one of the biggest data breaches ever encountered by a financial services company. In 2017, credit card company Equifax announced that hackers had stolen the personal information of 147 million people. Last week, US regulators reached a settlement of $ 700 million.
"While I'm grateful the perpetrator was caught, I deeply regret what happened," said Richard D. Fairbank, chairman of Capital One and general manager. "I sincerely apologize for the understandable concern that this incident must cause those affected, and I'm determined to get it right."
The hack is expected to cost the company between $ 100 and $ 150 million in the near future, said Capital One
Announcing the data breach, Capital One emphasized that neither credit card numbers nor credentials were challenged, nor the vast majority of Social security numbers for the affected applications.
This is unusual in a serious hacker attack There is a suspicion that a suspect is picked up so quickly, and in this case apparently due to online boasting.
Thompson, who according to the authorities used the name "unpredictable" in online conversations, is suspected of "filtering out and stealing information, including credit card applications and other documents, from Capital One," a federal court said filed criminal complaint. According to court records, she had to stay in jail until a hearing scheduled for Thursday.
A Thompson lawyer did not immediately respond to a message asking for a statement that she has information about Capital One and acknowledges that she acted illegally, "says FBI Special Agent Joel Martini signed criminal complaint.
In an online publication, "erratic" wrote: "I've basically strapped myself into a bomb vest, [expletive] dropped Capitol-Dox and admitted that. "According to the complaint.
"Although some information in these applications (such as Social Security numbers) is tokenized or tokenized, other information, including name, address, birth dates, and applicant's credit-worthiness information, has not been noted," the FBI complaint states. and the bank informed the office that the data i Including "probably tens of millions of applications and about 77,000 bank account numbers".
Capital One, headquartered in McLean, Virginia, was alerted to a problem following an online discussion on July 17. According to the complaint, the group claimed to have lost large amounts of corporate data.
The bank investigated a vulnerability and quickly confirmed it.
The hacker was able to access the social security numbers of about 140,000 customers – those who used their social security number as an employer identification number when applying for credit cards for small businesses, the bank said in In court records.
The authorities said that Paige, in talks with the Slack intelligence service, posted a list of files she allegedly possessed, in a prominent position. The person in the group discussion replied "sketchy" and "do not go to jail."
The "unpredictable" user responded: "I want to get it from my server, so I archive everything lol … According to court records, everything is encrypted.
Other messages that Thompson reportedly released last month came the FBI suspects that it "intended to spread data stolen from entities' victims, starting with Capital One," court records said.