Capital One Financial Corp., the fifth-largest U.S. credit-card issuer, said a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever bank data breaches, reports the Wall Street Journal. Paige Thompson, 33, was arrested by federal agents in Seattle. She is accused of breaking through a Capital One firewall to access customer data that the bank had stored on Amazon.com Inc.’s cloud service. Most of the exposed data involves information submitted by customers and small businesses that applied for Capital One credit cards between 2005 and 2019, including addresses, dates of birth and self-reported income.
Thompson is a former employee of Amazon Web Services Inc. A criminal complaint says her résumé showed she worked at a cloud-computing company, which the government didn’t name, as a systems engineer from 2015 to 2016. The breach compromised 140,000 Social Security numbers and 80,000 bank account numbers, as well as some customers’ credit scores, payment histories and credit limits. A 2017 breach at credit-reporting company Equifax Inc. exposed the data of nearly 150 million Americans and focused public and congressional attention on the sensitive information that financial companies keep on their customers. The Capital One breach could prove damaging if criminals use the stolen information to apply for credit in the names of the most creditworthy or affluent people. Although the bank said it is unlikely the stolen information was disseminated or used for fraud, the complaint alleges Thompson intended for the data to be distributed online. Under the username “erratic,” Thompson boasted online about her alleged theft of the data, which allowed law enforcement to identify her.