Business World

Wednesday 21 August 2019

US lender Capital One hit by mass hack

A hacker targeted Capital One. Photo: AFP/Getty Images
A hacker targeted Capital One. Photo: AFP/Getty Images

Uday Sampath

US lender Capital One has said that personal information including names and addresses of about 100 million individuals in the United States and six million people in Canada was obtained by a hacker who has been arrested.

The suspect, a 33-year-old former Seattle technology company software engineer identified as Paige Thompson, made her initial appearance in a district court in Seattle on Monday, the US Attorney's Office said.

Please log in or register with Independent.ie for free access to this article.

Log In

According to a complaint filed in the District Court for the Western District of Washington in Seattle, Ms Thompson posted information from her alleged hack, which occurred between March 12 and July 17, on coding platform GitHub. Another user saw the post and notified Capital One.

Law enforcement officials were able to track her down as the page she posted on contained her full name as part of its digital address, the complaint said. Capital One said it identified the hack on July 19.

The Attorney's Office said it was not immediately clear what the motive was.

The incident is expected to cost between $100m (€90m) and $150m in 2019, mainly due to customer notifications, credit monitoring and legal support, Capital One said.

The hacker did not gain access to credit card account numbers, but about 140,000 social security numbers and 80,000 linked bank account numbers were compromised, Capital One said. Other personal information accessed included phone numbers and credit scores. About a million social insurance numbers of the company's Canadian credit card customers were also compromised.

The hacker gained access to the data through a misconfigured web application firewall, the Attorney's Office said.

Credit-reporting firm Equifax said last week it would pay up to $700m to settle claims it broke the law during a 2017 data breach, when roughly 147 million people had information, including social security numbers, compromised.

Reuters

Irish Independent

Also in Business