And a month before that, the FBI said, a Twitter user who went by “erratic” sent Capitol One direct messages warning about distributing the bank’s data, including names, birth dates and Social Security numbers.
“‘I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it,” one said. “I wanna distribute those buckets I think first.”
Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the US and 6 million in Canada.
The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019.
In addition to data such as names, addresses, phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Capital One CEO Richard D. Fairbank.
“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”