On Monday, a tech engineer in the western US state of Washington was arrested for allegedly stealing sensitive data from more than 100 million credit card applications at financial heavyweight Capital One.
The 33-year-old Paige Thompson, a former Seattle technology company software engineer, was captured by FBI agents after she boasted about the data theft. The US attorney’s office in Washington said in a statement, “The intrusion occurred through a misconfigured web application firewall that enabled access to the data.”
“On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft,” it added.
The data theft took place between March 12 and July 17 of this year and it was informed to the FBI by the Virginia-based bank that specializes in credit cards. As per the criminal complaint, “According to Capital One, the data includes data regarding large numbers of (credit card) applications, likely tens of millions of applications.”
The hacking has cheated 100 million individuals in the United States and six million in Canada, said Capital One in a statement.
“Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of social security numbers were not compromised,” the bank said.
The authorities said that they have recovered electronic storage devices containing a copy of the stolen data from her residence on Monday. According to Capital One, some information in the applicants were stolen such as social security is encrypted or tokenized.
Richard Fairbank, the company’s chairman, and CEO said in a statement, “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.”
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” he added.