Breaking News
More () »

Who, what was affected by Capital One data breach

More than 100 million credit applications were accessed. Here's what you need to know.

A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a Seattle woman as a suspect in the case.Here is a look at what was and was not breached, according to Capital One.

RELATED: Capital One data breach: 100 million affected in the US

RELATED: Here are the 100,000 most hackable passwords

When was it found?

Capital One said it determined on July 19 that there was "unauthorized access" by someone on the outside.

What was accessed?

  • 140,000 Social Security numbers of Capital One credit card customers.
  • 80,000 linked bank account numbers of Capital One credit card customers
  • 1 million Social Insurance Numbers of Canadian Capital One customers.
  • Information on consumers and small businesses when they applied for a credit card between 2005 and 2019. This could include names, birth dates, self-reported income, addresses, zip codes, phone numbers and email addresses.
  • Some customer credit scores, credit limits, balances and payment history were also compromised, along with some transaction data from a total of 23 days between 2016-2018

Has anyone used the stolen information?

The company says it does not believe the information has been used in a fraudulent way, but it is continuing its investigation

What is Capital One doing in the aftermath?

The company says it is offering free credit monitoring and identity protection to all those whose information was accessed. The company also says it immediately fixed the "vulnerability" that allowed someone to gain access.

Who is the suspect?

Paige A. Thompson was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. She allegedly goes by the handle "erratic."

According to the FBI complaint, someone emailed Capital One on July 17 notifying it that leaked data had appeared on the code-hosting site GitHub, which is owned by Microsoft.

And a month before that, the FBI said, a Twitter user who went by "erratic" sent another user direct messages warning about distributing the bank's data, including names, birthdates and Social Security numbers. That user later reported the message to Capital One.

"Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it," one said. "I wanna distribute those buckets i think first."

Before You Leave, Check This Out