Over 100 million customers were compromised in a massive data breach at the financial giant and credit card issuer Capital One has announced, saying the perpetrator who is a Seattle-based woman has been arrested.
The actual crime occurred on March 22-23 this year and for as many as 140,000 individuals, the exposure included Social Security Numbers while for 80,000, their linked bank account numbers as well, said Capital One which is a major credit card issuer in the US and also operates retail banks.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate,” the company said in a statement late Monday.
The data leak affected approximately 100 million individuals in the US and approximately 6 million in Canada.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO, Capital One.
“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”
However, no credit card account numbers or log-in credentials were compromised and over 99 per cent of Social Security numbers were not compromised, claimed the company.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the infrastructure.