Capital One reported a massive data breach affecting 100 million people in the US, exposing the names, addresses, phone numbers, and email addresses they provided on credit card applications. A 33-year-old Seattle woman named Paige Thompson allegedly exploited a vulnerability in Capital One’s online databases to steal the credit card application documents, according to the criminal complaint filed by the FBI. Approximately 140,000 credit card customers in the US had their Social Security numbers stolen in the breach. Another 80,000 customers had their bank account numbers exposed.
Capital One became aware of the breach on July 17 when a security researcher emailed to say the company’s private information had been leaked to a GitHub page, which the FBI claims was registered to Thompson. According to the FBI, Thompson set up servers at an unnamed cloud computing company to exploit the flaw. She then sent commands to Capital One’s databases starting in March to steal login credentials and access over 700 company folders. A copy of all the data was then created and exfiltrated in the following weeks.
Thompson has now been arrested and the vulnerability has been patched.