Data breach in Capital One hits 106 million people and suspect arrested

Capital One announced a data breach that disclosed the personal information of 106 million people, including transaction data, credit notes, payment history, balances and, for some, bank accounts and social Security.

The data breach was discovered when an ethical hacker responsibly disclosed the vulnerability to Capital One on July 17, 2019. After an internal investigation to determine if this vulnerability had already been used, Capital One discovered that 39, an unauthorized person had access to their systems and to their client. data between March 22 and 23, 2019

"On July 19, 2019, we determined that an outside individual had obtained unauthorized access to certain types of personal information relating to individuals who requested credit card products and customers issuing credit cards. Capital One credit, "said Capital One in a data security incident. note. "This happened on March 22 and 23, 2019."

Their investigation revealed that the unauthorized user was able to access information regarding 100 million people in the United States and 6 million people in Canada. After correcting the vulnerability used in the offense, they provided information to the FBI that arrested the suspected hacker.

Although no credit card account number or login ID has been accessed, a wide range of other information has been accessed.

Capital One will inform each user concerned by the email and provide a free credit monitoring service.

Due to the amount of personal information on display and how it can be used for identity theft, users are strongly advised to monitor their credit report for suspicious activity and to report. immediately any item detected to the police, to Capital One and to credit reporting agencies. .

It is also strongly suggested to freeze your credit report if you were concerned, which would prevent bad actors from fraudulently obtaining credit on your behalf.

A suspect arrested by the FBI

A Seattle member, Paige Thompson, was arrested by the FBI in connection with the hacking of Capital One's systems.

According to the New York Times, Thompson was the organizer of a Meetup Group called the Seattle Warez Kiddies that addressed everyone with a deep knowledge of distributed systems, programming, hacking, cracking, scripting, electronics, Linux, etc. "

Investigators said she had used the "erratic" online pseudonym and law enforcement officers had been able to verify her identity after posting an image of a veterinarian's bill.

Capital One rebadures investors

After noticing the impact of large data breach announcements on the share price of other companies, Capital One uses the security incident advisor to dispel the fears of its investors.

According to Capital One, this incident is expected to generate costs of about $ 100 million to $ 150 million in 2019 due to customer notifications, free credit monitoring services, increased security and security costs. legal fees.

"We expect the incident to generate additional costs of approximately $ 100 to $ 150 million in 2019. Expected costs are primarily related to customer notifications, credit monitoring, technology costs and legal support.We plan to accumulate customer notification and credit monitoring costs in 2019. Expected incremental costs related to the incident will be accounted for separately as an adjustment, as far as they relate to the financial results of the company. "

Even with these additional costs, Capital One claims to have purchased cyber security insurance that can cover up to $ 400 million with a $ 10 million deductible.

That said, they are trying to rebadure investors that this breach will have little effect on their bottom line and "badert its existing efficiency expectations, which in any case do not hold not account for adjustments ".

Updated on 29/07/19: Added information about the suspected suspect.