Capital One said Monday that a data breach identified earlier this month exposed personal information of its customers, including Social Security details and bank account numbers.
The Virginia-headquartered bank said in a news release that about 140,000 Social Security numbers of its credit card customers, around 80,000 linked bank account numbers, and one million Canadian Social Insurance numbers were compromised. Additional information including names, addresses, phone numbers, credit scores and credit limits were also exposed. In total, Capital One said, "this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada."
Still, no credit card account numbers or log-in credentials were exposed and over 99% of Social Security numbers were not affected, according to the bank, which said the unauthorized access occurred on March 22 and 23 of this year.
The FBI arrested a suspect, Paige A. Thompson, who was charged with computer fraud and abuse, according to court records. Authorities said Thompson used the alias "erratic" in online communications and was investigated for "exfiltrating and stealing information, including credit card applications and other documents, from Capital One."
The criminal complaint alleged that Thompson posted the stolen data online on information sharing site GitHub and made statements on social media "evidencing the fact that she has information on Capital One, and that she recognizes that she has acted illegally."
Thompson made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, 2019, the Department of Justice said.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Richard D. Fairbank, chairman and CEO of Capital One, said in the release. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
The bank estimates the hack will cost the company approximately $100 million to $150 million in 2019.
Correction: This article has been updated to reflect that Capital One said it identified the data breach earlier this month.