Capital One Financial Corporation has revealed that it suffered a massive data breach, which affected millions of customers in both the US and Canada.
In a release, the corporation said that it first became aware of the hack on July 19, after determining that there was an unauthorised access by an outside individual. The hacker is believed to have obtained personal information on Capital One credit card customers as well as credit card application data – which includes information on credit scores, credit limits, balances, payment history, and contact information.
After analysing the extent of the breach, Capital One said that the event affected about 100 million individuals in the US, and another six million in Canada. About 40,000 social security numbers were exposed as a result of the hack, as well as about 80,000 linked bank account numbers.
In addition, approximately one million social insurance numbers of Canadian credit card customers were compromised by the breach incident.
As soon as the breach was detected, the company immediately worked to fix the configuration vulnerability that the hacker had exploited. Capital One also cooperated with the FBI, which led to the quick arrest of the person suspected to be behind the cyberattack.
The company believes that, based on its own analysis, it is unlikely that the information stolen by the hacker was used for fraud or was leaked to the public. Capital One, however, promised that it would continue to investigate the matter.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One chairman and CEO Richard D. Fairbank said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."