Hacker obtained personal information of 6 million people in Canada

Capital One Financial Corp. said Monday that the personal information of about 100 million individuals in the United States and six million people in Canada was obtained by a hacker who has since been arrested.

Stolen data includes names, addresses, phone numbers and credit scores

Capital One Financial Corp. says the personal information of more than 100 million customers, including six million people in Canada, was obtained by a hacker who has since been arrested. (Jeff Chiu/The Associated Press)

Capital One Financial Corp. said Monday that the personal information — including names, addresses, phone numbers and credit scores — of about 100 million individuals in the United States and six million people in Canada was obtained by a hacker.

About one million social insurance numbers of the company's Canadian credit card customers were also compromised.

Capital One said it became aware of the hack on July 19.

The U.S. Justice Department said Paige Thompson, a former Seattle technology company software engineer, was arrested on Monday on a criminal complaint charging computer fraud and abuse for hacking into Capital One Financial Corp.'s stored data.

About 140,000 social security numbers and 80,000 linked bank account numbers were compromised, Capital One said. The company also said credit card numbers were not affected.

The breach is expected to cost between $100 million US and $150 million in 2019, mainly due to customer notifications, credit monitoring and legal support, Capital One said.

According to the 12-page criminal complaint, the hacker allegedly posted information from her hack on the coding platform GitHub. The hacker was able to gain access to the data through a misconfigured web application firewall, the U.S. attorney's office said.

A GitHub user alerted Capital One to the potential data theft, and the company in turn alerted the Federal Bureau of Investigation, according to the DOJ's statement.

The allegations have not been proven in court. Thompson, 33, made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, according to the statement.

Investigators say Thompson is known by the alias "erratic."

A representative for the U.S. attorney's office said it was not immediately clear what the suspect's motive was.

"Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual," Capital One said in a statement. "However, we will continue to investigate."

With files from CBC News

