Capital One data breach may involve 100 million people
Capital One is admitting a "data security incident" from March of 2019 — one that looks to impact about 100 million people in the U.S. and about 6 million in Canada, including names, addresses, birth dates, credit scores and more.
The hacker, in this case, is actually known — and in custody. But what has happened to the data is unknown, and the company says it will "continue to investigate."
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, Chairman and CEO in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
Read More:
- Two-thirds of hotel websites leak sensitive customer data
- 2019 data breaches and how to up your cyber security game
- Equifax data breach has 2.4M more victims than first thought
Data breaches are a growing problem. One of the most recent hack involves Equifax, which impacted more than 147 million people, and has forced the company to set aside $700 million as a settlement.
Just one person is responsible for the hack, according to the company, breaking into Capital One's system through a "configuration vulnerability," which was discovered by an outside security expert on July 17. Capital One verified the hack two days later, which impacted those people who had applied for credit cards.
Customer credit card numbers and even log-in details are not said to be impacted. But Social Security numbers were involved in the hack, about 140,000 of U.S. customers — and one million people in Canada.
Additionally, 80,000 bank accounts linked to the credit cards were accessed as well. The data came from records spread over 23 different days across three years: 2016, 2017 and 2018.
While Capital One said it encrypts data, in this case, the hacker was able to decrypt the data. However, most of the Social Security and all of the account numbers were protected via "tokenization," said the company which replaces the number with other details, and protected the bulk of these details.
The vulnerability is now fixed, said Capital One, which is alerting customers who were impacted, and also offering free credit monitoring and identify protection to them as well.