Capital One Financial has reported a major data breach where a hacker procured personal data of around 106 million individuals.

The hacker has been arrested and is in police custody.

Capital One data breach

In a statement, the bank said that it identified the breach on 19 July. The hacker accessed information related to Capital One credit card customers and those who applied for credit card products.

Based on the bank’s analysis, around 100 million US individuals and six million in Canada were affected.

However, credit card account numbers or log-in credentials were not compromised, the statement added.

Capital One Financial also claimed that more than 99% of Social Security numbers were not compromised.

The bank has already fixed the configuration vulnerability that the perpetrator exploited. The initial probe suggests that the hacked information was not disseminated or used for fraud; however, investigations will continue.

Capital One Financial chairman and CEO Richard Fairbank said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

The incident is expected to cost the company around $100m to $150m in 2019. It will encompass costs to inform affected customers, credit monitoring, technology costs and legal support.

A Virginia-based bank, Capital One Financial is a financial holding company catering to consumers, small businesses and commercial clients.

It has two subsidiaries, Capital One and Capital One Bank, and has $373.6bn in total assets.

Vigilance or recovery?

Cyber Intelligence Director of MDR Cyber, Mark Tibbs, said: “The compromise of Capital One involved an enormous amount of data being accessed. According to the institution, the data was exposed due to a configuration setting in cloud storage. We find these kinds of mistakes are all too common for companies operating cloud infrastructure given the complexity of modern businesses and the number of settings that need attention.

“The incident showed that Capital One responded extremely quickly to the incident. Due to the nature of the attack and some clumsy operational security by the alleged attacker, an arrest has been made. This is unusual in a case like this and represents a great result for law enforcement.

“Companies should, however, remain vigilant to the ever-present threat of external attackers and implement proactive measures to ensure their data, particularly sensitive customer data, is held with appropriate security measures in place to prevent their name being the next headline.”