(WREX/NBC) — A former software engineer from Seattle has been arrested in connection with a massive data breach that potentially puts more than 100 million Capital One credit card applicants at risk.
Paige A. Thompson, 33, allegedly accessed information from Capital One bank through a misconfigured security feature and then posted the data to an information-sharing site, according to a criminal complaint released Monday.
Capital One said in a statement to NBC News on Monday that the breach affects approximately 100 million individuals in the United States and approximately 6 million in Canada.
The bank insists, however, that no credit card account numbers or login credentials were compromised and fewer than one percent of Social Security numbers were compromised.
An unidentified person contacted Capital One on July 17 to report that leaked data belonging to the company appeared to be posted on GitHub, a hosting site often used by software engineers to develop and collaborate on projects.
Capital One staff investigated the posting, which was dated April 21, and saw instructions on how to access the company’s private information through computer code. Internal company logs indicated that the “buckets” of information that the code led to were indeed accessed.
Some of the more sensitive data, including social security information, was encrypted, but information from tens of millions of credit card applications has been put at risk.
About 140,000 Social Security numbers and 80,000 bank accounts were potentially put at risk, according to a statement from the bank Monday.
Information about applicant names, addresses, birth dates and credit history are also at risk.
An FBI cyberinvestigator matched the Github account name with a former systems engineer for Cloud Computing Company named Paige Thompson, according to the complaint. Further investigation of Thompson showed she allegedly created a messaging channel and claimed in a post to have data obtained using the same code in the April 21 Github post.
The FBI also believes Thompson is behind a Twitter account that sent a private message to Capital One on June 18 claiming to have social security numbers.
13 WREX spoke to the Better Business Bureau Tuesday about what you should do if you’re a Capital One customer.
The BBB recommends you have credit reports flagged, change passwords and make sure you protect your social security number.
“That is the key to your financial life. If that is compromised, you’re going to need to do some, take a lot of important steps to make sure that all of your personal information is protected and can’t be accessed,” Rockford Regional BBB Director Dennis Horton said.
Capital One says it will provide free credit monitoring and identity protection to those affected by the data breach.
CLICK HERE for more tips on what you can do if you’re affected.