New York Attorney General Opens Probe into Capital One Data Breach

New York Attorney General Letitia James

New York Attorney General Letitia James announced that her office launched an investigation into the data breach that affected more than 100 million Capital One customers.

In a statement, AG James commented, “Today, 100 million consumers across America are wondering if they were unfortunate enough to be a victim of the most recent data breach. Though Capital One’s breach was internal, the fact still remains that safeguards were missing that allowed for the illegal access of consumers’ names, Social Security numbers, dates of birth, addresses, and other highly sensitive, personal information.”

She added, “It is becoming far too commonplace that financial institutions are susceptible to hacks, begging the questions: Why do these breaches continue to take place? And are companies doing enough to prevent future data breaches?

“My office will begin an immediate investigation into Capital One’s breach, and will work to ensure that New Yorkers who were victims of this breach are provided relief. We cannot allow hacks of this nature to become every day occurrences.”

Certain personal information of Capital One credit card customers were compromised

Yesterday, Capital One disclosed that a hacker illegally accessed its network and obtained certain personal information of its credit card customers. The data breach affected 100 million people in the United States and six million in Canada.

The bank holding company already fixed the vulnerability exploited by the hacker, who obtained customers credit card application data and portions of customers’ credit card data including:

  • Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

Capital One assured that no bank account numbers and Social Security numbers were compromised except:

  • around 140,000 Social Security numbers of its credit card customers
  • approximately 80,000 linked bank account numbers of is secured credit card customers

FBI arrested hacker responsible for the Capital One data breach

In addition, the bank holding company revealed that the Federal Bureau of Investigation (FBI) identified and arrested the hacker responsible for the data breach.

The FBI filed a criminal complaint against Paige Thompson for allegedly committing computer fraud and abuse related to the Capital One data breach. Thompson is a former software engineer at a technology company based in Seattle.

In a statement, U.S. Attorney Brian Moran said Capital One immediately reported the data breach to law enforcement. As a result, the FBI traced the intrusion and arrested the hacker.

“I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it,” said Moran.