Capital One Hacked, 100 Million Accounts Affected, Woman Arrested

-edited

A former employee of Amazon Web Services was arrested by federal agents in Seattle for hacking Capital One.

The Wall Street Journal reports Capital One Reports Data Breach Affecting 100 Million Customers, Applicants

Capital One Financial Corp. , the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest ever data breaches of a big bank. The announcement came the same day the alleged hacker, Paige A. Thompson, was arrested by federal agents in Seattle.

The bulk of the exposed data involves information submitted by customers and small businesses in their applications for Capital One credit cards from 2005 through early 2019, the bank said. The information included addresses, dates of birth and self-reported income. The breach compromised approximately 140,000 Social Security numbers and 80,000 bank account numbers, as well as some customers’ credit scores and transaction data, according to the bank.

Investigators accuse Ms. Thompson of breaking into the servers that Capital One rented from the cloud-computing company to steal customer data from the bank. Ms. Thompson, who is charged with one count of computer fraud and abuse, allegedly accessed the bank’s data through a misconfigured firewall.

Credit card information and customer passwords are not at risk according to Capital One.

What's in Your Wallet?

Mike "Mish" Shedlock

Comments (18)
No. 1-11
Mish
Mish

Editor

In Bryce Canyon NP No internet or even phone in my room. Have to leave the park periodically to post or even call my wife. Been here 3 days - expect fewer posts for a while and slower responses to comments. Headed fo sunset now. Mish

RonJ
RonJ

"What's in Your Wallet?"

Cash.

When i went to Target i paid cash. Then i heard that Target had a data breach. I made the right choice to only use cash.

2banana
2banana

Note to all. Free advice:

  1. Place a credit freeze on your accounts with the big three credit agencies. It works. Cost = $30 (total) and $10 for a temporary unfreeze when you need a lender to "see" your credit.

  2. Get an IRS PIN for your taxes. Free. No one can file a return in your name or get your refund without it.

  3. Get your credit report at least once per year. Free. Triple check it.

  4. Do not ignore strange calls or letters about credit or accounts you never set up. Fix them.

  5. Google your name and social security number every once in a while. Separately, of course. Free.

Casual_Observer
Casual_Observer

My former employer got tricked by hackers into giving every employee's social security number away. Literally I think every American can assume their SS number is compromised.

Stuki
Stuki

Once you give supposedly "private" information away, it's no longer private. It's public. Any number of agencies, ambulance chasers and others, have access to it to their hearts' content. There's a term for believing it is OK that those do, but somehow not OK that Huawei and AWS employees do the exact same thing: It's called being successfully indoctrinated. Keep your darned secrets secret, and focus on making doing so as simple, and as default, as possible. Anything else is just being a dumb sheep, mindlessly busying itself picking favorites among the wolves eating it.

RB2
RB2

The wymym will prob just get a slap on the wrist. Move alonng nothing to see here.

Blurtman
Blurtman

Not a woman, zactly...

Bam_Man
Bam_Man

This is your "cashless society" of the future. POOF!!....and it's gone.

bradw2k
bradw2k

Not many details yet, but never ceases to amaze how there are large sec-ops teams who fail to do effective threat model analysis of their systems and find the hole that some jerk is able to find.

KidHorn
KidHorn

Wonder what damage AWS will suffer. They have a lot of customers with sensitive info. And a lot of competitors. Seems everyone is getting into the virtual server business.