Capital One Financial Corp., the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest ever data breaches of a big bank.
The announcement came the same day the alleged hacker, Paige A. Thompson, was arrested by federal agents in Seattle.
The bulk of the exposed data involves information submitted by customers and small businesses in their applications for Capital One credit cards from 2005 through early 2019, the bank said. The information included addresses, dates of birth and self-reported income.
The breach compromised approximately 140,000 Social Security numbers and 80,000 bank account numbers, as well as some customers’ credit scores and transaction data, according to the bank.
Ms. Thompson is a former employee of Amazon Web Services Inc., the cloud-computing division of Amazon.com Inc., according to people familiar with the matter. The criminal complaint says Ms. Thompson’s resume showed she worked at a cloud-computing company, which the government didn’t identify by name, as a systems engineer from 2015 to 2016.