Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts

A man stands at the window of an office at a Capital One bank in New York City.

Johannes Eisele | AFP | Getty Images

Capital One said Monday that a data breach identified earlier this month exposed personal information of its customers, including social security details and bank account numbers.

The Virginia-headquartered bank said in a news release that about 140,000 Social Security numbers of its credit card customers and around 80,000 linked bank account numbers were compromised. In total, Capital One said, "this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada."

Still, no credit card account numbers or log-in credentials were exposed and over 99% of Social Security numbers were not affected, according to the bank, which said the unauthorized access occurred on March 22 and 23 of this year.

The FBI arrested a suspect, Paige A. Thompson, who was charged with computer fraud and abuse, according to court records. Authorities said Thompson used the alias "erratic" in online communications and was investigated for "exfiltrating and stealing information, including credit card applications and other documents, from Capital One."

Thompson made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, 2019, the Department of Justice said.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Richard D. Fairbank, chairman and CEO of Capital One, said in the release. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

The bank estimates the hack will cost the company approximately $100 million to $150 million in 2019.

Correction: This article has been updated to reflect that Capital One said it identified the data breach earlier this month.

Read More