Tuesday, January 14, 2025
HomeCyber Security NewsCapital One Hacked - Over 100 Million Credit Card Application Data Exposed

Capital One Hacked – Over 100 Million Credit Card Application Data Exposed

Published on

Capital one hacked, the hack exposed more than 100 million customers data across the US and Canada. The breach was learned by Capital One Financial Corporation on July 19, 2019.

Following are the personal information affected with the breach that includes names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, credit scores, credit limits, balances, payment history, contact information, and self-reported income.

The leaked data includes 140,000 Social Security numbers and 80,000 linked bank account numbers, according to the company statement “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.”

Unauthorized Access

Capital One reads the unauthorized access first on July 19, 2019, “unauthorized access by an outside individual who obtained certain types of personal information” of customers who applied for credit cards Capital One.

The affected data also includes fragments of transaction data “from a total of 23 days during 2016, 2017 and 2018”, the company expects this hack could cost “approximately $100 to $150 million in 2019″.”

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman, and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

The major part of the leaked information includes information on consumers and small businesses as who applied for credit cards between 2005 through early 2019.

Capital One Hacked – Tech Worker Arrested

As soon they aware of the intrusion they immediately fixed the vulnerability and started working with FBI, the FBI has arrested the tech worker associated with the breach.

According to court records, a woman Paige A. Thompson a/k/a erratic, 33, posted on GitHub about her theft of information form Capital One server, the intrusion occurs because of a misconfigured web application firewall that enabled data access. She is detained and pending for hearing on August 1, 2019.

“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” said U.S. Attorney Moran. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...