Capital One hacked, over 100 million customers affected

Capital One was hacked, the company has disclosed. The breach was first discovered on July 19th.

A notice about the data breach is currently being broadcast from the company’s home page.

Here’s what we know so far:

  • Capital One believes the breach exposed credit card application data for those who applied between 2005 and 2019.
  • The company says this works out to roughly 100 million individuals in the U.S., and 6 million in Canada.
  • The data leaked potentially includes “names, addresses, ZIP codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income” of those who applied, as well as information like “credit scores, credit limits, balances, payment history, contact information.”
  • Capital One is estimating that roughly 140,000 Social Security numbers were potentially compromised in the U.S., as well as 80,000 linked bank account numbers. In Canada, roughly 1 million Social Insurance Numbers were compromised.
  • Transaction data for “a total of 23 days” spread across 2016/2017/2018 was obtained

A notice from the U.S. Department of Justice says that Seattle engineer Paige A. Thompson was arrested in connection with the breach this morning. You can read the indictment here. The notice says that Capital One was alerted about the breach by a GitHub user who spotted another user posting about it on the site.