WASHINGTON – Capital One, the Virginia-based bank with a popular credit card business, announced Monday that a hacker had accessed about 100 million credit card applications, and investigators say thousands of Social Security and bank account numbers were also taken.
The FBI has arrested a Seattle-area woman, Paige Thompson, on a charge of computer fraud and abuse, according to court records.
The hack appears to be one of the largest data breaches ever to hit a financial services firm. In 2017, the credit-reporting company Equifax disclosed that hackers had stolen the personal information of 147 million people. Last week, it reached a $700 million settlement with U.S. regulators over that breach.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard Fairbank, Capital One's chairman and chief executive. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
The hack is expected to cost the company between $100 million and $150 million in the near term, Capital One said.
In announcing the data breach, Capital One emphasized that no credit card numbers or log-in credentials were compromised, nor was the vast majority of Social Security numbers on the affected applications.
It is unusual in a major hacking case for a suspect to be apprehended so quickly, and in this case, that was apparently due to boasts made online.
Thompson, who authorities say used the name "erratic" in online conversations, is suspected of "exfiltrating and stealing information, including credit card applications and other documents, from Capital One," according to a criminal complaint filed in federal court. She was ordered to remain in jail pending a detention hearing scheduled for Thursday, according to court records.