An alleged hacker who accessed the personal information of as many as 6 million Canadian Capital One credit applications has been arrested by the FBI, the bank said Monday.
Paige A. Thompson was charged with a single count of computer fraud and abuse in a U.S. District Court in Seattle. Thompson, who also goes by the handle “erratic”, made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday, according to media reports.
Capital One said the hacker got credit scores and balances in addition to the social insurance numbers of about 140,000 customers. The bank added it will offer free credit monitoring services to those affected.
The data breach affected about 100 million people in the U.S.
The bank said it found out about the vulnerability in its system July 19 and quickly sought help from law enforcement to catch the person behind the breach.
The FBI complainant that charged Thompson noticed the alleged hacker post stolen information from servers that stored data for Capital One on Microsoft-owned Github.
Capital One said the largest category of information accessed was information on consumers and small businesses as of the time they applied for one the bank’s credit card products from 2005 through early 2019. This information included personal information such as names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
The alleged hacker also obtained portions of credit card customer data, including customer status data such as credit scores and credit limits. More than 140,000 social security numbers and approximately 80,000 linked bank account numbers of the bank’s secured credit card customers were compromised.
“We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected,” the bank said in a press release.