Capital One says a hacker got access to the personal information of over 100 million individuals applying for credit.
The McLean, Virginia-based bank said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
The compromised data includes 140,000 Social Security numbers, 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, and credit histories, according to the bank and the US Department of Justice.
Paige Thompson, 33, was arrested in connection with the breach, the Justice Department said Monday. The department alleges that Thompson “posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data.”
Thompson was able to gain access by exploiting a misconfigured web application firewall, the DOJ said.
Capital One indicated it fixed the vulnerability and said it is “unlikely that the information was used for fraud or disseminated by this individual.” However, the company is still investigating.
Capital One says it believes that it is unlikely that the information was used for fraud , but it will continue to investigate.
The data breach affected about 100 million people in the U.S. and 6 million in Canada.