According to Capital One and the FBI, a hacker gained access to more than 100 million Capital One customer accounts and credit card applications earlier this year. It is one of the biggest data breaches ever. Paige A. Thompson, 33, of Seattle, a former software engineer at Amazon, is accused of breaking into a Capital One server and gaining access to the following:
140,000 | Social Security numbers
1 million | Canadian Social Insurance numbers
80,000 | Bank account numbers
??? | An undisclosed number of names, addresses, credit scores, credit limits, balances, and other information.
The Justice Department said Paige was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened, I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Richard D. Fairbank, Chairman and CEO
Capital One
Thompson was arrested Monday in connection with the breach, the Justice Department said. A former Amazon systems engineer was arrested on charges that she breached the network of Capital One, the tenth largest U.S. bank.
$100 million – to $150 million | The company expects to incur between costs this amount related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.
Much of the evidence tying her to the breach came directly from things she posted online or in direct messages. An unnamed recipient of one of those messages sent them to Capital One officials. “Let me know if you want help tracking them down,” the person wrote.
The company says it fixed the vulnerability and that it is “unlikely that the information was used for fraud or disseminated by this individual.”
What to do if your bank account gets hacked?
(Advice from CNN and the SmallBusiness.com Guide to Business Computer and Tech Security)
Don’t panic
The bank says it will notify everyone who was affected by the breach and offer them free credit monitoring and identity protection services.
Check your accounts now
Look over your credit card and banking statements and report any suspicious activity to the bank as soon as possible. Change your passwords on all accounts.
Freeze your credit
Taking this step means that no one will be able to access your credit reports without your permission. A lender or business won’t be able to gain entry to your credit file until you unfreeze it. (Note: It can be a hassle.)
Stay vigilant
Consider signing up for a credit monitoring service, The bank will likely offer to supply one. Even if you accept their offer, you could also check your credit reports yourself to make sure fraudulent accounts haven’t been opened in your name. (A good habit: Do this at least once every quarter.)
Watch out for scams
Don’t respond to phone calls or emails from creditors. Call them using the phone number you find on the legitimate website,
Photo | By Drew Angerer/Getty Images
There are over 30 articles in the SmallBusiness.com Guide to Business Computer and Tech Security)
Also on SmallBusiness.com