Capital One announces data breach; about 100 million people affected

Officials with Capital One announced Monday the company has suffered a data breach involving about 100 million people in the United States.

In a statement, officials with the financial firm said the breach happened on March 22 and March 23, when a person managed to access customer information via a vulnerability. The vulnerability was reported to the company by a security researcher on July 17, and the breach was discovered on July 19.

Company officials say data collected when a customer applied for a credit card were affected. The data was collected from 2005 to early 2019, and involved personal information of customers, in addition to credit scores, credit limits, balances, payment history, and contact information.

In addition, company officials reported that 140,000 Social Security numbers belonging to the company's credit card customers were stolen, along with 80,000 linked bank account numbers that belong to the company's secured credit card customers.

The data breach also affected Canadian customers, with 1 million Social Insurance Numbers compromised. Overall, about 6 million Canadian customers were affected.

A person believed to be responsible for the incident has been arrested by the FBI, according to officials. Officials also believe the suspect is unlikely to have spread the data around. They also believe it's unlikely the suspect has used the information affected for fraud.

Capital One officials say they will notify those affected and will offer free credit monitoring and identity protection for everyone affected.

Capital One Data Breach Information
U.S. customers - https://www.capitalone.com/facts2019/
English-speaking Canadian customers - https://www.capitalone.ca/facts2019/
French-speaking Canadian customers - https://www.capitalone.ca/facts2019/fr/