Washington: A data breach at a major US bank has affected around 100 million customers in the US and six million in Canada.
Capital One Financial Corporation announced on Monday that on July 19, 2019, it determined there was unauthorised access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.
In a press release, the corporation said, "Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada. "
The FBI has arrested the perpetrator.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D Fairbank, the corporation's Chairman and CEO. "I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right."
Capital One stated that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised.
They added that the largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. That information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data,
"We are very thankful to the FBI's Seattle Field Office and Special Agent Joel Martini, to US Attorney Brian T Moran, and to Assistant US Attorneys Steven Masada and Andrew Friedman of the Western District of Washington for the speed with which they responded to this incident and apprehended the responsible party," the corporation stated.
The company said that it expected the incident to cause incremental costs of $100 to $150 million in 2019.
"Expected costs are largely driven by customer notifications, credit monitoring, technology costs, and legal support," they added.