American bank holding company Capital One has suffered a data breach that ha seen the data of more than 100 million people compromised.
The company confirmed the news via its website, which says the breach was first discovered on July 19 this year, when it was notified by a GitHub user after another user was foundbragging about it.
It believes that the data of everyone who applied between 2005 and 2019 is compromised, which means roughly 100 million people in the US, and some six million people from Canada.
The data that was taken includes “names, addresses, ZIP codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income”, but also “credit scores, credit limits, balances, payment history, contact information.”
Capital One believes 140,000 US social security numbers were also taken, as well as 80,000 linked bank account numbers. About a million of social insurance numbers from people in Canada were stolen, as well.
The company said that hackers also got their hands on transaction data from 23 days between 2016 and 2018.
One person was arrested in relation to the breach, and according to the US Department of Justice’s notice, one Paige A. Thompson, an engineer from Seattle, was taken in.
The company’s Chairman and CEO, Richard D. Fairbank, apologised for the incident, saying he is “committed to making it right”.