Massive data breach hits Capital One affecting more than 100 million customers

Kelly Tyko

Capital One said Monday personal information, including Social Security and bank account numbers, of more than 100 million individuals was compromised in a massive data theft that led to the arrest of a Seattle woman. 

Paige A. Thompson is accused of stealing data from Capital One credit card applications in what is one of the top 10 largest data breaches ever.

The FBI arrested Thompson Monday for the theft, which occurred between March 12 and July 17, court records show. Among the data allegedly collected from a company cloud-based server were Social Security and bank account numbers.  

Capital One said in a news release that “100 million individuals in the United States and approximately 6 million in Canada” were affected. 

Equifax will pay Americans hit by breach: Take these steps to file claim for $125 or more

LAPD data breach: Personal information of thousands of LAPD officers and applicants exposed

The breach was discovered on July 19 and the company said it “immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.”

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, Capital One chairman and CEO, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

About 140,000 Social Security numbers were accessed and 80,000 bank account numbers from credit card customers, Capital One said.

The bank said "the largest category of information" accessed from applicants who applied for credit cards between 2005 and 2019 was personal information including names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data that was obtained includes credit scores, limits, balances and “fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.”

Last week, Equifax reached a deal with the Federal Trade Commission, Consumer Financial Protection Bureau and 50 states on the 2017 breach that affected approximately 147 million Americans.

The deal calls for Equifax to pay at least $575 million, including $300 million for free credit monitoring services, $175 million to states, the District of Columbia and Puerto Rico and $100 million in penalties to the CFPB.

And Monday, the Los Angeles Police Department reported a data breach exposing personal information of thousands of officers and applicants.  

Capital One said in the release the incident is expected to cost between $100 to $150 million in 2019. 

This story is developing and will be updated.

Follow USA TODAY reporter Kelly Tyko on Twitter: @KellyTyko

This article originally appeared on USA TODAY: Capital One data breach 2019: Millions affected in new breach