Just as Equifax announced a settlement for its massive data breach, Capital One has revealed that someone hacked into its systems earlier this year. According to the company, someone exploited a “configuration vulnerability” that allowed them to access and decrypt customer data affecting over 100 million people in the US, and about 6 million in Canada.
The actual crime occurred on March 22nd and 23rd this year. For about 140,000 people the exposure included Social Security Numbers, and for 80,000 their linked bank account numbers as well. The FBI has already arrested the person believed to be responsible, identified in court documents as Paige Thompson, a software engineer from Seattle who went by the handle “erratic.”
The court complaint explains that she exploited a “misconfigured web application firewall” and posted on GitHub about it. On July 17th, someone saw the post and alerted Capital One, and two days later the company confirmed the theft.