On Monday, Capital One admitted that personal info, which includes the names, phone numbers, addresses, and credit scores for roughly 100 million people in the U.S., plus another 6 million in Canada, were acquired by a hacker who has since been arrested by the FBI.
CNN went on to describe the data breach as "one of the biggest ever."
Capital One further said that the hack was discovered on July 19, and that it occurred on either March 22 or 23. They are also claiming that the massive incident will cost somewhere in the neighborhood of $100-150 million due to the price tag(s) of customer notifications, legal support, tech costs, and credit monitoring.
Neither login credentials nor credit card account numbers were accessed in the hack, but roughly 140,000 social security numbers were, in addition to 80,000 bank account numbers that were linked to a card. If you happen to be reading this from Canada, Capital One also said that nearly a million social insurance numbers were similarly compromised.
On top of those numbers, an undisclosed amount of people's names, addresses, balances, credit scores/limits, and other info was also collected.
An external researcher is said to have reported to Capital One the "configuration vulnerability" in a web application firewall was utilized by the hacker. Capital One says that glitch has been fixed, and that it is "unlikely that the information was used for fraud or disseminated by this individual." Their investigation remains open.
The company says that those affected by the hack will be notified, and that they'll receive free identity protection and credit monitoring.
CNN reports that 33-year-old Paige Thompson was arrested in connection with the hack. The Justice Department alleges that Thompson "posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data."
Previously, Thompson was employed as a software engineer.