On Monday, banking institution and credit card issuer Capital One revealed that a software engineer hacked into a server and obtained personal data for over 100 million Americans and 6 million Canadians.
According to TechCrunch, The New York Times, The Verge, and many others, the stolen information includes names, addresses, phone numbers, dates of birth, Social Security numbers, self-reported income, and other credit card application data. Additionally, consumers and small businesses who applied for credit cards from 2005 to early 2019 are most at risk.
The financial giant said the hack occurred on March 22 and March 23 when the suspect, Paige Thompson, exploited a misconfigured web application firewall. Thompson is a former software engineer for Amazon Web Services, the cloud hosting company that Capital One was using.
Along with accessing personal data, Thompson, who goes by the online handle “erratic,” tried to share the information with others online. A criminal complaint states that the FBI tracked her down after “information obtained from the intrusion” was found on a GitHub page with Thompson’s name attached to it.
Thompson also posted about the incident on MeetUp, Twitter, and Slack. “I’ve basically strapped myself with a bomb vest,” she wrote in a Slack post, according to prosecutors, “dropping capital ones dox and admitting it.”
Currently, Thompson is in police custody, where she has been charged with one count of computer fraud and abuse.
In a statement, Capital One CEO Richard D. Fairbank apologized, saying:
“I am deeply sorry for what has happened,” Fairbank wrote. “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”
In the wake of the data breach, Capital One is offering free credit monitoring and identity protection to anyone affected.