Capital One Suffers Data Breach: 100 Million Customers Compromised

Capital One has become the latest victim of a data breach. In all, 100 million customers have been compromised.

July appears to be ending with a bang on the security front. Major credit car company Capital One has suffered from a major data breach. In all, 100 million customers have had their personal information exposed. From CNN:

In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers’ accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.

A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

Thompson was arrested Monday in connection with the breach, the Justice Department said. Thompson’s attorney could not be immediately reached for comment.

This is, of course, by no means the biggest data breaches we’ve ever seen. For us, the title of largest data breaches we’ve ever seen belongs to Yahoo! which saw 3 billion accounts compromised. Of course, in terms of number of accounts, we’ve seen larger in other breaches as well. Aadhaar, meanwhile, saw 1 billion people compromised. Marriott Hotels saw 383 million customers compromised. Flipboard saw 150 million users potentially compromised. Equifax saw 145 million exposed. Canva saw 139 million potentially compromised. One other one we saw was the Alteryx data breach which saw 123 million exposed.

So, for us, this doesn’t even come close to cracking the top 5 biggest data breaches ever. Still, that’s not to say this is a small breach by any means. This size certainly puts it up there into the category of quite sizable.

July has certainly seen its fair share of data security incidences. This month kicked things off with Attunity suffering from a data leak. That saw 1TB of data from companies like TD Bank and Ford Motor Company exposed. Later on, the FDA recalled insulin pumps due to an IoT vulnerability that can’t be directly patched. Later on, SmartMate suffered a data leak which saw customer information leak from their smart home devices.

Into the second half of the month, we saw the Bulgarian tax authority get hacked. 5 million citizens were exposed as a result.

So, all in all, this has been a fairly eventful month so far. It is certainly ending with quite a bang with this latest breach, though. On the plus side, at least customers will be able to say that free credit protection will soon be in their wallets thanks to this incident.

Drew Wilson on Twitter: @icecube85 and Facebook.