Capital One: Hackers steal 100 million Americans’ data

Credit: BBC

A hacker who obtained the names, addresses, phone numbers and birth dates of Capital One customers in the US and Canada has been arrested by the FBI.

Over 100 million Americans have had data stolen by a hacker who obtained credit scores, balances and Social Security numbers of about applicants.

Virginia-based Capital One claimed to have discovered the hack on July 19, immediately seeking help from law enforcement. The FBI complaint details that the bank was emailed two days prior, notifying them that leaked data had appeared on GitHub. A month ago, a Twitter user using the pseudonym “erratic” sent Capital One direct messages threatening to leak the bank’s data.

Paige A Thompson, the user behind “erratic”, was charged with a single count of computer fraud and abuse, in Seattle. Thompson has made a first appearance in court and is in custody pending detention later this week. Thompson’s residence was raided on Monday, with digital devices seized. The FBI conducted an initial search, which found files referencing Capital One and “other entities that may have been targets of attempted or actual network intrusions”.

Capital One claimed the hacker “exploited” a “configuration vulnerability” in their infrastructure. “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Chairman Richard Fairbank in a statement. “I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Thompson faces a maximum prison sentence of five years and a $250,000 (£204,713) fine.

Is it easier to hack data these days?

Like Tinder, texting and tweeting, hacking has become a mainstream tech topic as the internet as developed. No longer a concern reserved for computer geeks and IT guys, hacking is a mainstream worry: one that can affect huge swathes of people who otherwise have no more than a passing interest in the web.

The truth is that the world is online. We bank online, make friends online, our post has been redirected to virtual inboxes over the years and a lot of our shopping is conducted on Amazon. With so many accounts and profiles on websites and apps – and with every business you associate with storing their data somewhere accessible – hacking opportunities are rife.

The Capital One scare is not an isolated case. “Although some of the information in those applications (such as Social Security numbers) has been tokenised or encrypted, other information including applicants’ names, addresses, dates of birth and information regarding their credit history has not been tokenised,” the FBI warned of the situation. It is frighteningly easy to obtain such sensitive information unencrypted.


A server can host dozens of websites. That’s potentially limitless data harvested all from one website with open ports and the option to upload a profile picture.


Last year, Cambridge Analytica infamously accessed 87 million Facebook users’ data illegally. Also last year, Facebook-owned WhatsApp, admitted that hackers were able to install spyware on Android and Apple devices. Over 57 million customers of Uber had data hacked in October 2016 and a year later, Yahoo confirmed that all 3 billion of its user accounts were breached.

When hacking a website, for example, hackers look for open ports. From there, they can determine how many files are stored on the webserver. File uploads on sites are one way that attackers can find a way in: unrestricted file upload can lead to hackers performing a complete system takeover, an overloaded file system or database or even simple defacement.

A server can host dozens of websites. Hackers can find a way into a database with root privileges without too much fuss. That’s potentially limitless data harvested all from one website with open ports and the option to upload a profile picture

What happens next for Capital One?

Capital One customers across the pond are being advised to change all their passwords immediately. Checking credit cards and banking statements for suspicious activity is another given.

Capital One’s headquarters in Tysons, Virginia / Credit: Bisnow

However, that’s just the beginning for a bank who may have lost the trust of a lot of their users. Capital One has guessed that the incident will cost $100 million to $150 million in the short term. The data was posted for almost three months; Capital One’s stock was down 5% in premarket trading on Tuesday.

Despite the scare, the bank has claimed that “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised”.

Luke Conrad

Technology & Marketing Enthusiast

The Future of Smart Buildings: Trends in Occupancy Monitoring

Khai Zin Thein • 12th June 2024

Occupancy monitoring technology is revolutionising building management with advancements in AI and IoT. AI algorithms analyse data from IoT sensors, enabling automated adjustments in lighting, HVAC, and security systems based on occupancy levels. Modern systems leverage big data and AI to optimise space usage and resource management, reducing energy consumption and promoting sustainability. Enhanced encryption...

The need to weave agility throughout the business

John Craig Swartz SVP at POWWR • 11th June 2024

With geopolitical tensions, more extreme weather events and the legacy of a global pandemic, it is more difficult for energy suppliers to preserve their margins and remain competitive than ever before. To thrive in the current climate, it is imperative that a supplier makes marginal gains wherever they can. Profitability within the sector today hinges...

Artificial general intelligence is closer than expected

AI expert Stuart Fenton • 10th June 2024

Whilst most of the attention around artificial intelligence (AI) thus far has been on ChatGPT, it is just the tip of the iceberg. In many ways, ChatGPT shouldn’t be thought of as true AI as it is – at its heart – just generative, learned behaviour. The future of AI, in contrast, is a system...

The State of Data Streaming

Confluent • 06th June 2024

Confluent survey: 90% of respondents say data streaming platforms can lead to more product and service innovation in AI and ML development 86% of respondents cite data streaming as a strategic or important priority for IT investments in 2024 For 91% of respondents, data streaming platforms are critical or important for achieving data-related goals

The State of Data Streaming

Confluent • 06th June 2024

Confluent survey: 90% of respondents say data streaming platforms can lead to more product and service innovation in AI and ML development 86% of respondents cite data streaming as a strategic or important priority for IT investments in 2024 For 91% of respondents, data streaming platforms are critical or important for achieving data-related goals

Grant Funding Awarded to Advance Cancer Therapeutics Discovery

Dr Alan Roth • 04th June 2024

The CRUK (Cancer Research UK) Scotland Institute and Oxford Drug Design, a biotechnology company with core expertise in AI drug discovery, have announced that their joint application for the MRC (UK Medical Research Council) National Mouse Genetics Network (NMGN) Business Engagement Fund has been awarded.