A Capital One Bank sign on the parking garage for the Rego Park Office Tower (formerly Queens Tower) at Junction Boulevard between 62nd Drive and Queens Boulevard in Rego Park, Queens. The bank itself is located at the front of the building on Queens Boulevard.

Queens Bl Junction Bl td 04 by Tdorante10 is licensed under CC BY-SA 4.0

Capital One Data Breach Reveals Information on 106 Million

Capital One, the 10th largest bank in the United States, has announced a security breach that resulted in the personal information of 100 million Americans and 6 million Canadians being stolen, including names, addresses, Zip Codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income—basically anything someone would put on a credit card application form. Plus, in an unfortunate turn of phrase, Capital One also says:

No bank account numbers or Social Security numbers were compromised, other than:

  • About 140,000 Social Security numbers of our credit card customers
  • About 80,000 linked bank account numbers of our secured credit card customers

For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

Portions of customer credit card data were also stolen, including credit scores, credit limits, balances, payment history, and contact information. However, no credit card numbers or log-in credentials were stolen, so there’s no need to change your passwords or cancel your cards.

The good—if unusual—news is that the FBI has arrested the perpetrator, Paige “erratic” Thompson of Seattle. Capital One doesn’t believe the information was distributed and said it has not only fixed the vulnerability that led to the breach but that it will supply free credit monitoring and identity protection to those affected.

Comments About Capital One Data Breach Reveals Information on 106 Million

Notable Replies

  1. Another bank bites the dust (or eats it). Investing in gold rather than virtual assets is looking more & more attractive!
    :slight_smile:

  2. Good thing I never applied for a credit card with them. They appear to have some good deals. But as usual, when things sound too good to be true, they usually are.

  3. Rich Mogull said that he knows Capital One’s security team and that they generally do a very good job. The more details that emerge about the person who hacked into Capital One’s system, the more it sounds like a unique situation, not the usual negligence of a company doing something stupid like storing confidential data in plaintext on an unprotected server.

    And apart from that really weird “No bank account numbers or Social Security numbers were compromised, other than” wording in the announcement, it does seem as though Capital One is responding quickly and appropriately.

  4. it does seem as though Capital One is responding quickly and appropriately.

    That was my feeling. I saw their notice several days ago and it seemed like they handled it well and the breach is only serious for a few people (people who applied for credit in a certain time frame). Most of the info stolen was names and addresses and such, which are all leaked a million other ways already.

  5. My sources tell me this may be only the tip of the iceberg. The hacker had many GB of data involving quite a few other companies, so there could potentially be millions of people.

  6. Ugh, that’s bad. Any sense that she distributed the information? Some of the reporting was suggesting that she thought she was being a white-hat hacker and thus may not have been selling to the highest bidder.

  7. Nothing yet and I follow Troy Hunt of ';--have i been pwned? closely.

    I’ve read the same reports about the hacker. I think most of us wonder why she was arrested instead of the corporate entities responsible for keeping our data safe.
