A software engineer in Seattle hacked into a server holding customer data for Capital One and stole millions of credit card applications, federal prosecutors said on Monday. The engineer, Paige Thompson, gained access to 120,000 Social Security numbers and 77,000 bank account numbers, according to court papers, and tried to share the information with other users in an online chat group.
The company on Monday disclosed the breach, saying that about 100 million people over all were affected. “This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, ZIP codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income,” the company said.
In an earlier breach in 2017, Capital One notified customers that a former employee may have had access for nearly four months to their personal data, including account numbers, telephone numbers, transaction history and Social Security numbers. The company reported a similar breach involving an employee in 2014.
Last week, the credit bureau Equifax settled claims from a 2017 data breach that exposed sensitive information on over 147 million consumers, costing it about $650 million.
This is a developing story and will be updated.