A Seattle-area woman was arrested on Monday morning in connection with a newly-disclosed Capital One data breach that impacted more than 100 million people.
Capital One said it identified a security breach on July 19 when an unauthorized source “obtained certain types of personal information” related to credit card customers and others who had applied for products, the company said in a statement on Monday.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” the statement said. “Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”
Specifically, the bank believes about 140,000 Social Security numbers of its credit card customers and around 80,000 linked bank account numbers were compromised, according to the statement.
Paige Thompson, who goes by the nickname “erratic,” was arrested on one count of computer fraud and abuse, according to court documents filed in the Western District of Washington on Monday.
Thompson attempted to intrude on Capital One’s server numerous times between March and July and succeeded at least once, federal authorities said.
Some of the information was encrypted, according to court documents, but “tens of millions” of credit card applications were not.
“Although some of the items were tokenized or encrypted, other information including applicants’ names, address, dates of birth and information on their credit history has not been tokenized,” prosecutors said in a criminal complaint.
Thompson allegedly bragged online about the hack, according to court documents.
“I’ve basically strapped myself with a bomb vest, f—— dropping capitol ones dox and admitting it,” she allegedly wrote in a Twitter direct message, according to court documents. “There ssns (Social Security Number)…full name and dob.”
Authorities searched Thompson’s home and “agents observed files and items that referenced Capital One and the cloud computing company, other entities that may have been the targets of attempted or actual network intrusions,” the complaint said.
The breach will cost the firm between $100 million and $150 million in 2019, the company said, citing costs related to customer notifications, credit monitoring, technology costs and legal support.
ABC News’ Joshua Hoyos and Luke Barr contributed to this report.