FBI make arrest after hacker steals personal details of more than 100 million Capital One customers
Credit card giant Capital One has revealed that the personal details of about 106 million of its customers across the US and Canada were stolen in a hacking assault believed to be one of the largest in banking history.
Capital One said the data included names, addresses and phone numbers of people who applied for its products.
The alleged hacker, Paige Thompson, was arrested on Monday after reportedly boasting about the breach online.
Reports described how Thompson presented herself on social media as a cat-loving software engineer, who found it hard to make friends and was open about her struggles as a transgender woman.
An FBI investigation concluded Thompson — who allegedly went by the online handle “Erratic” — used her computer skills to obtain the personal information of more than 100 million Capital One credit card customers and applicants, and intended to share it online.
But Capital One, a major credit card issuer in the US which also operates retail banks, said she did not gain access to credit card account numbers.
The FBI painted a picture of a disturbed Thompson who regularly shared details of her own life online, from information about her beloved cat, Millie, to talking about her desire to kill herself.
She frequently posted photos of the feline and mourned the pet when it was put down last Tuesday, calling the death, “One of the most painful and emotionally overwhelming experience I’ve had in my life.”
It was a veterinarian letter Thompson posted on July 19 with her home address that ultimately led FBI agents to her door.
Capital One said in a statement released this week that the breach affected approximately 100 million individuals in the US and six million people in Canada.
The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.
In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.
The hack was identified on 19 July.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the company’s infrastructure.
Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.