• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Massive data breach hits Capital One affecting more than 100 million customers

J

JORMBO

Darkness no more
www.usatoday.com

Massive data breach hits Capital One, affecting more than 100 million customers

A Seattle woman is accused of stealing personal data from 100 million Capital One credit card applications in one of the largest data breaches.
www.usatoday.com

Capital One said Monday personal information, including Social Security and bank account numbers, of more than 100 million individuals was compromised in a massive data theft that led to the arrest of a Seattle woman.
Click to expand...

Paige A. Thompson is accused of stealing data from Capital One credit card applications in what is one of the top 10 largest data breaches ever.
Click to expand...

The FBI arrested Thompson Monday for the theft, which occurred between March 12 and July 17, court records show. Among the data allegedly collected from a company cloud-based server were Social Security and bank account numbers.
Click to expand...

Capital One said in a news release that “100 million individuals in the United States and approximately 6 million in Canada” were affected.
Click to expand...

About 140,000 Social Security numbers were accessed and 80,000 bank account numbers from credit card customers, Capital One said.
Other data that was obtained includes credit scores, limits, balances and “fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.”
Click to expand...
 
Hari Seldon

Hari Seldon

Member
Whelp time to refreeze my credit again. I don't understand the point of credit rating anymore when you basically have to keep it frozen 100% of the time cause these retards can't do security.
 
Pagusas

Pagusas

Elden Member
Hari Seldon said:
Whelp time to refreeze my credit again. I don't understand the point of credit rating anymore when you basically have to keep it frozen 100% of the time cause these retards can't do security.
Click to expand...

You do understand that having your score frozen doesn’t prevent it from changing, right? It just prevents others from passing a credit check using your info.
 
ThatStupidLion

ThatStupidLion

Member
have cap1 checking, savings, and CC.

they havent contacted me yet. i guess i should reach out to the bank and find out about my info...god damnit i hate this shit. time to change everything again. and know someone out there has my SS and every other piece of identity of mine.

at this point i feel like identity security companies are doing the hacks to make people feel the need to subscribe to their services

i see that theyve caught one of the suspects though? or someone associated with it. its crazy that they were posting about it on github
 
Last edited:
Tesseract

Tesseract

Banned
quickwhips said:
Time to move to crypto as credit cards cant be trustee.
Click to expand...

oh yeah you should totally move all your assets into a decentralized platform that's easily hacked (crypto users aren't the smartest lot) and basically completely insuperable by local systems
 
Last edited:
EverydayBeast

EverydayBeast

thinks Halo Infinite is a new graphical benchmark
Capital One went from Capital One to Capital Two!
giphy.gif
 
S

SLoWMoTIoN

Unconfirmed Member
That crackhead looking bitch deserves death. She sold 100 million people's info.

This is what Capital One is telling people on their site.

Date: July 29, 2019

Capital One Financial Corporation (NYSE: COF) announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.


"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, Chairman and CEO. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
Click to expand...

Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.

Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.

Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:

  • Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
No bank account numbers or Social Security numbers were compromised, other than:

  • About 140,000 Social Security numbers of our credit card customers
  • About 80,000 linked bank account numbers of our secured credit card customers
For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.

Safeguarding applicant and customer information is essential to our mission and our role as a financial institution. We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses.

The investigation is ongoing and analysis is subject to change.
 
Last edited by a moderator:
R

Rock And Roll

Member
Well I'm Canadian and have an account with them. Great to know I could be one of the 1 out of 6 people who now have their SIN floating around the web.

Back in the day one of my employers made it mandatory for us to sign up through ADP Workforce and I was not thrilled about it because shit like this can happen. Everything is safe and secure until it isn't anymore. People used to say I was paranoid and thought I was being "difficult" for not using social media and other services. Now there's a pretty decent chance my information is out there.
 
Phunkydiabetic

Phunkydiabetic

Banned
Whataburger said:
That crackhead looking bitch deserves death. She sold 100 million people's info.

This is what Capital One is telling people on their site.

Date: July 29, 2019

Capital One Financial Corporation (NYSE: COF) announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.

Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.




Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.

Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.

Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:

  • Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
No bank account numbers or Social Security numbers were compromised, other than:

  • About 140,000 Social Security numbers of our credit card customers
  • About 80,000 linked bank account numbers of our secured credit card customers
For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.

Safeguarding applicant and customer information is essential to our mission and our role as a financial institution. We have invested heavily in cybersecurity and will continue to do so. We will incorporate the learnings from this incident to further strengthen our cyber defenses.

The investigation is ongoing and analysis is subject to change.
Click to expand...

You feel she deserves "death". Settle down there Paul Kersey.
 
S

SLoWMoTIoN

Unconfirmed Member
Elcid said:
125-375 if you look at my thread.
Click to expand...
You only get something if you lost money. If you didnt you can't file dick even though they literally sold your info. I figured the government wouldn't do anything outside putting a guy in jail.
 
eddie4

eddie4

Genuinely Generous
I just got a letter from a recruiter that Capital One is looking for a DevOps Security Engineer..... :messenger_tears_of_joy:
 
Last edited:
You must log in or register to reply here.

Similar threads

[WSJ] LastPass, a Password Manager With Millions of Users, Is Hacked (No user data was compromised)
News Clickbait
46
3K
Jinzo Prime replied
Uber ‘in contact with the FBI’ over potential GTA 6 hacker
News
10
1K
Badlucktroll replied
  • Poll
PLAYSTATION 6: Potential Innovations, Features, Business Strategies & More (Speculation)
Opinion Analysis Platform 2 3 4
181
13K
hussar16 replied
Crytek confirms Egregor ransomware attack, customer data theft
News
3
9K
Fake replied
[Insider Gaming] Inside Ubisoft – From Low Morale To Internal Tensions
Game Dev
26
2K
BacklashWave534 replied
Top Bottom