Capital One Hack Exposes 100M Accounts

Last updated:

Capital One has revealed that more than 100 million customers had their personal information hacked, including credit scores, credit limits, balances, payment history, and contact information, as well as 140,000 Social Security numbers and 80,000 linked bank account numbers of secured credit card customers.

Confidential data for around 106 million Capital One customers’ accounts and credit card applications was stolen by an alleged hacker, Paige Thompson, 33, in March of this year.

Thompson was arrested by the FBI on June 29 and is accused by the US Department of Justice of having gained unauthorised access to personal data that included names, addresses, zip codes, phone numbers, email addresses, dates of birth and self-reported income.

ll this data is collected by Capital One “routinely” each time it receives credit card applications, the company has revealed in an official statement.

Thought to have affected roughly 100 million United States customers and 6 million Canadians, the suspect allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, as well as data pertaining to customers’ credit scores, credit limits, balances

Thompson had formerly worked as a software engineer for a cloud hosting company used by Capital One. Her access to the company’s servers was facilitated by exploiting a misconfigured web application firewall, according to court filings.

Capital One says that immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO.

“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Capital One say that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.

“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.”

Capital One say that they will notify affected individuals through a variety of channels and will make free credit monitoring and identity protection available to everyone affected.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.


By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.


You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.


Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services