Capital One Financial Corporation reported a data breach involving an individual who obtained personal information from the bank’s credit card applicants and customers.
The company stated that an “outside individual” was involved.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible,” the company stated. “Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.”
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The incident event affected approximately 100 million individuals in the United States and approximately six million in Canada.
Capital One has technology and other operations in Wilmington. It has been in the news for downsizing office space. The company came to Wilmington with the purchase of the INGDirectonline banking operation from a Dutch financial services company.
Banking operations were not affected and no bank account numbers were obtained, the company indicated.
“Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised,” the released stated.
The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income, according to the release.
Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
- About 140,000 Social Security numbers of our credit card customers
- About 80,000 linked bank account numbers of our secured credit card customers
Affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected.