Capital One: Hackers steal 100 million Americans’ data

An image of capital one, Cyber Security, Capital One: Hackers steal 100 million Americans' data

Credit: BBC

A hacker who obtained the names, addresses, phone numbers and birth dates of Capital One customers in the US and Canada has been arrested by the FBI.

Over 100 million Americans have had data stolen by a hacker who obtained credit scores, balances and Social Security numbers of about applicants.

Virginia-based Capital One claimed to have discovered the hack on July 19, immediately seeking help from law enforcement. The FBI complaint details that the bank was emailed two days prior, notifying them that leaked data had appeared on GitHub. A month ago, a Twitter user using the pseudonym “erratic” sent Capital One direct messages threatening to leak the bank’s data.

Paige A Thompson, the user behind “erratic”, was charged with a single count of computer fraud and abuse, in Seattle. Thompson has made a first appearance in court and is in custody pending detention later this week. Thompson’s residence was raided on Monday, with digital devices seized. The FBI conducted an initial search, which found files referencing Capital One and “other entities that may have been targets of attempted or actual network intrusions”.

Capital One claimed the hacker “exploited” a “configuration vulnerability” in their infrastructure. “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Chairman Richard Fairbank in a statement. “I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Thompson faces a maximum prison sentence of five years and a $250,000 (£204,713) fine.

Is it easier to hack data these days?

Like Tinder, texting and tweeting, hacking has become a mainstream tech topic as the internet as developed. No longer a concern reserved for computer geeks and IT guys, hacking is a mainstream worry: one that can affect huge swathes of people who otherwise have no more than a passing interest in the web.

The truth is that the world is online. We bank online, make friends online, our post has been redirected to virtual inboxes over the years and a lot of our shopping is conducted on Amazon. With so many accounts and profiles on websites and apps – and with every business you associate with storing their data somewhere accessible – hacking opportunities are rife.

The Capital One scare is not an isolated case. “Although some of the information in those applications (such as Social Security numbers) has been tokenised or encrypted, other information including applicants’ names, addresses, dates of birth and information regarding their credit history has not been tokenised,” the FBI warned of the situation. It is frighteningly easy to obtain such sensitive information unencrypted.


A server can host dozens of websites. That’s potentially limitless data harvested all from one website with open ports and the option to upload a profile picture.


Last year, Cambridge Analytica infamously accessed 87 million Facebook users’ data illegally. Also last year, Facebook-owned WhatsApp, admitted that hackers were able to install spyware on Android and Apple devices. Over 57 million customers of Uber had data hacked in October 2016 and a year later, Yahoo confirmed that all 3 billion of its user accounts were breached.

When hacking a website, for example, hackers look for open ports. From there, they can determine how many files are stored on the webserver. File uploads on sites are one way that attackers can find a way in: unrestricted file upload can lead to hackers performing a complete system takeover, an overloaded file system or database or even simple defacement.

A server can host dozens of websites. Hackers can find a way into a database with root privileges without too much fuss. That’s potentially limitless data harvested all from one website with open ports and the option to upload a profile picture

What happens next for Capital One?

Capital One customers across the pond are being advised to change all their passwords immediately. Checking credit cards and banking statements for suspicious activity is another given.

An image of capital one, Cyber Security, Capital One: Hackers steal 100 million Americans' data
Capital One’s headquarters in Tysons, Virginia / Credit: Bisnow

However, that’s just the beginning for a bank who may have lost the trust of a lot of their users. Capital One has guessed that the incident will cost $100 million to $150 million in the short term. The data was posted for almost three months; Capital One’s stock was down 5% in premarket trading on Tuesday.

Despite the scare, the bank has claimed that “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised”.

An image of capital one, Cyber Security, Capital One: Hackers steal 100 million Americans' data

Luke Conrad

Technology & Marketing Enthusiast

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!

What are Multi-core Safety-Critical Avionics?

Wind River • 13th March 2024

A multi-core processor is a type of central processing unit that integrates multiple individual processing units onto a single chip. It supports different cores executing their tasks simultaneously, for quick and enhanced overall performance. Multi-core processors nowadays support safety-critical avionics. Find out more about what multi-core processors are, what multi-core safety-critical avionics are, and how...

Why Transition from 4G to 5G+ vRAN/O-RAN?

Emily Goldshteyn • 13th March 2024

The journey from legacy to 5G doesn’t have to be off-putting. It is a process that, if approached strategically, can make your company a pioneer in the digital age. Virtual and Open RAN, which come with broader choices of technology options and greater flexibility, are giving service providers greater opportunity as they transition their networks....