Banking institution Capital One has just revealed that it has suffered a data breach that has uncovered the names, addresses, phone numbers, emails, birth dates, and self-reported earnings of about 100 million Americans and 6 million in Canada due to "configuration vulnerability" in the servers of an unnamed cloud computing company that the data from the bank host.
(Equifax, hold my beer.)
But according to the complaint, the hacker may have shared some information on a private Slack chat server before he was caught.
The Capital One press release claims that only 140,000 US citizen service numbers, 80,000 bank account numbers, and 1 million Canadian social insurance numbers were compromised, which seems small compared to the 106 million people affected in total. But realistically, the information from all credit card applications that the hacker could have received from those other people (again, including names, addresses, phone numbers, and self-reported earnings) could probably provide them with quite a bit of feed for identity theft and social engineering, not to mention of the credit scores, credit limits, balances and payment history that Capital One says were also obtained by the hacker.
They know who to harass and how to start.
Capital One claims that the "configuration vulnerability" has been resolved, believes it is "unlikely that the information has been used for fraud or has been circulated by this person," and the company says it will provide free credit monitoring and identity theft protection everybody .
But it is quite possible that customers, just like with Equifax, want to submit a complaint.
The company tells investors that it expects the infringement to cost between $ 100 and $ 150 million this year.