Print this page

Estimated reading time: 2 minutes, 30 seconds

Over 106 million customers affected by Capital One's Data Breach Featured

"I drove 6 hours and ran 2 miles to get just 30 minutes of sunset. A lot of work for a short period of time, but definitely worth it!" "I drove 6 hours and ran 2 miles to get just 30 minutes of sunset. A lot of work for a short period of time, but definitely worth it!"

Paige Thompson was indicted on July 29, 2019 for allegedly stealing data from Capital One Financial Corp. Thompson is charged with gaining access to over one million credit card applications due to a misfiguration within the bank’s firewall settings that Thompson was able to infiltrate. The alleged theft took place on March 23rd of this year when Thompson used a Tor browser to hide her identity and hack into the bank’s files. She was able to not only steal credit card applications but over 140 thousand social security numbers, 80 thousand bank account numbers, and approximately one million Canadian Social Insurance Numbers dating back from 2015.

Capital One was notified by a concerned citizen that they might have been hacked after Thompson bragged about her accomplishment on Slack, Github and Twitter -admitting that she had Capital One’s data and was interested in selling it. Thompson did little to hide her identity – posting her full name to her Github account and using her online alias “erratic” in Meetup and Chatrooms that the FBI was able to trace back to her. In fact, she knew that she had made a mistake taking to her Twitter account to tweet, “Ive basically strapped myself with a bomb vest, f***ing dropping capital ones dox and admitting it.” She later admits; "I wanna distribute those buckets i think first." She stated on Slack, “"I wanna get it off my server that's why Im archiving all of it lol.” If convicted Thompson faces five years in jail and a $250 thousand fine.

It takes months- even years for some organizations to uncover a breach but due to Thompson’s failure to cover her tracks- Capital One was able to discover their data breach earlier than usual thanks to a tip. ““Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” Capital One CEO Richard D. Fairbank said. He went on to apologize to the millions of people who were affected saying, “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” He added that the loophole Thompson used to access the data has been fixed - ensuring that another data breach was unlikely.

Capital One is just one of many Fortune 500 companies that have recently been breached - joining the ranks of Yahoo, Experian and Marriott in recent years. Attempting to minimize the damage Capital One said in an official statement that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised. They also wrote that those affected by the breach would be notified through a variety of channels.

If you have opened any account with Capital One since 2015 it’s important that you take the necessary precautions to ensure that your information is protected. Experts advise that customers immediately freeze their credit and check their accounts for any fraudulent activities for the next few months.

Read 1991 times
Rate this item
(0 votes)
Danielle Loughnane

Danielle Loughnane earned her B.F.A. in Creative Writing from Emerson College and has been working in the marketing and data science field since 2015. 

https://danielleloughnane.com/