A hacker gained access to 100 million Capital One credit card applications and accounts

Article Image

In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers' accounts and credit card applications earlier this year. CNN's Christine Romans reports.

Posted: Jul 30, 2019 12:06 PM


In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers' accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.

A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

Thompson was arrested Monday in connection with the breach, the Justice Department said. Thompson's attorney could not be immediately reached for comment.

Capital One said the hack occurred March 22 and 23 and includes credit card applications as far back as 2005. The company indicated it fixed the vulnerability and said it is "unlikely that the information was used for fraud or disseminated by this individual." However, the company is still investigating.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," said Capital One CEO Richard Fairbank in a statement.

The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.

However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company noted.

Capital One said it will notify people affected by the breach and will make free credit monitoring and identity protection available. The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.

Capital One's stock was down 5% in premarket trading Tuesday.

How Capital One got hacked

The criminal complaint against Thompson paints a picture of a less-than-careful suspect.

Thompson posted the information on GitHub, using her full first, middle and last name, the complaint says. She also boasted on social media that she had Capital One information.

In a channel on Slack, a chat service often used by businesses as well as other groups, Thompson explained the method she used to break into Capital One, the Justice Department alleges. She claimed to use a special command to extract files in a Capital One directory stored on Amazon's servers.

"I wanna get it off my server that's why Im archiving all of it lol," Thompson allegedly posted on Slack. One person was alarmed by what Thompson found, writing that the information was "sketchy," adding, "don't go to jail plz."

Thompson made little effort to disguise her identity. She allegedly used the screen name "erratic" on Slack, which was the same handle she used on a Twitter account and a Meetup chatroom page.

The FBI special agent who investigated Thompson believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.

One person who saw the information on GitHub notified Capital One of the "leaked data" belonging to the company. Capital One notified the FBI, and an agent searched Thompson's residence on Monday. They found devices in her possession that reference Capital One and Amazon as well as other entities that may have been targets of attempted — or actual -- breaches.

The complaint indicates Thompson "recognizes that she has acted illegally."

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 31376

Reported Deaths: 1976
CountyConfirmedDeaths
Marion9132533
Lake3260167
Cass15816
Allen124065
St. Joseph115534
Hendricks111765
Hamilton109691
Johnson1080104
Elkhart99127
Madison58058
Bartholomew47433
Porter47321
Clark45338
LaPorte39921
Tippecanoe3693
Jackson3591
Delaware34933
Howard34517
Hancock31727
Shelby31221
Floyd31238
Boone28135
Morgan25824
Vanderburgh2422
Decatur22231
White2218
Montgomery22116
Clinton2081
Harrison18421
Noble18120
Grant18120
Dubois1782
Greene16723
Warrick16426
Dearborn16221
Monroe15810
Henry1566
Lawrence14222
Vigo1417
Miami1371
Putnam1317
Jennings1264
Orange12422
Scott1163
Ripley1126
Franklin1068
Carroll912
Daviess8116
Steuben792
Kosciusko781
Newton7410
Wabash722
Wayne695
Marshall641
Fayette634
LaGrange602
Jasper541
Washington521
Fulton461
Rush452
Jay430
Jefferson411
Clay391
Pulaski390
Randolph383
Whitley342
Brown331
Sullivan321
Starke313
Owen311
DeKalb281
Knox240
Benton240
Crawford230
Perry230
Huntington222
Tipton221
Wells220
Blackford201
Switzerland190
Fountain172
Posey170
Parke170
Spencer141
Gibson132
Ohio130
Adams121
Warren121
Vermillion90
Martin90
Union80
Pike60
Unassigned0152

Ohio Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 31911

Reported Deaths: 1969
CountyConfirmedDeaths
Franklin5188228
Cuyahoga3927209
Marion261721
Hamilton2403128
Lucas2107229
Pickaway204235
Mahoning1334169
Summit1220159
Butler77625
Stark68289
Lorain64158
Montgomery59315
Trumbull52542
Columbiana47850
Belmont38412
Miami34830
Warren32819
Tuscarawas3122
Portage31058
Delaware29613
Medina28819
Ashtabula27732
Wood27445
Lake26711
Geauga25629
Wayne24850
Fairfield2403
Clark2066
Licking20410
Allen18931
Mercer1843
Richland1833
Clermont1815
Erie1555
Darke15116
Madison1337
Washington11718
Morrow1041
Crawford1043
Greene935
Ottawa907
Putnam8514
Monroe7111
Hocking654
Sandusky6510
Ross632
Jefferson622
Auglaize593
Huron521
Williams511
Hancock481
Muskingum450
Union430
Clinton430
Hardin400
Shelby402
Logan370
Wyandot362
Fulton360
Fayette340
Defiance322
Preble311
Guernsey310
Lawrence280
Carroll282
Champaign261
Holmes251
Brown241
Coshocton240
Knox231
Vinton190
Perry181
Highland181
Seneca182
Ashland170
Scioto150
Henry140
Athens141
Paulding130
Jackson110
Harrison100
Adams81
Gallia71
Pike60
Meigs60
Morgan50
Noble50
Van Wert50
Unassigned00
Fort Wayne
Clear
70° wxIcon
Hi: 86° Lo: 65°
Feels Like: 70°
Angola
Few Clouds
68° wxIcon
Hi: 84° Lo: 66°
Feels Like: 68°
Huntington
Clear
70° wxIcon
Hi: 85° Lo: 66°
Feels Like: 70°
Decatur
Clear
70° wxIcon
Hi: 85° Lo: 65°
Feels Like: 70°
Van Wert
Clear
70° wxIcon
Hi: 85° Lo: 65°
Feels Like: 70°
Few PM Storms Memorial Day
WFFT Radar
WFFT Temperatures
WFFT National

Community Events