Capital One

Summary

Approximately 100 million people in the United States and six million people in Canada are impacted by a data breach exposing Capital One credit application information. The data includes 140,000 Social Security numbers, 80,000 bank account numbers, and one million Social Insurance Numbers (SINs) for Canadian credit card customers. According to Capital One, no credit card account numbers or login credentials were exposed. The breach exposed data on customers and small businesses who applied for credit card products from 2005 to early 2019, revealing names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Capital One became aware of the breach through a tip received on July 17 indicating that some of their data was made public on GitHub. On July 29, Paige Thompson was arrested for suspicion of downloading nearly 30 GB of Capital One data via a rented cloud data server. Capital One released a statement addressing the breach and additional information can be found in the KrebsOnSecurity post. Impacted customers are advised to monitor their credit profile for suspicious activity and consider placing credit freezes.