Person charged over massive US data breach

A woman from the US city of Seattle has been charged in relation to a massive data breach affecting US credit card issuer Capital One.

Page Thompson has been charged with accessing tens of millions of credit card applications to the bank holding company after allegedly taking advantage of a misconfigured firewall to access files stored in the cloud.

Thompson has been accused of posting information related to the intrusion online, including posting a list of more than 700 folders or buckets of data onto a GitHub site that displayed her full name and resume, and boasting on Twitter and a Slack group chat.

Capital One confirmed on Monday that it had been the target of a data breach earlier this month.

The company said it has "determined there was unauthorised access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers".

Capital One estimates that the breach affected around 100 million individuals in the US and around 6 million in Canada, but in a statement said that “Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual”.

Compromised information includes names, addresses, phone numbers, email addresses, dates of birth, self-reported income and some financial and transactional data, but not credit card numbers or login details.

Capital One expects to incur costs related to the data breach of US$100 million ($145.3 million) to US$150 million in 2019.

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.