Well, this is not good.
Finance services giant Capital One announced Monday that there had been a major cybersecurity incident directly affecting 100 million Americans and six million Canadians. Specifically, a host of their customers’ private financial data had been accessed by a hacker.
According to a statement issued by the company, two separates breaches occurred — once on March 22 and another on March 23 — and were discovered on July 19.
Bloomberg reports that a Seattle woman has been arrested and accused of hacking Capital One’s server at an unnamed cloud-computing company.
Notably, it seems that although the customer data in question was encrypted, the hacker was able to decrypt it.
And just what customer data, exactly, was accessed? Quite a bit, it turns out: “names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income,” for starters.
But it doesn’t end there. “Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information” and “Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018” were also accessed.
Some victims have it worse off than others, as 140,000 social security numbers were also accessed along with 80,000 “linked bank account numbers.”
Unsurprisingly, the CEO of Capital One is not happy about this.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank said in the aforementioned company statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The company says it will notify affected customers “through a variety of channels” and offer free credit monitoring.
Which, great, we all feel so much better now.