A class action lawsuit has been filed in the US over a data breach at Capital One bank that saw about 100m US customers have their personal information stolen by a hacker.
Roughly 140,000 social security numbers and 80,000 linked bank details were stolen, alongside other information such as credit scores and phone numbers, the bank said yesterday.
About 6m Canadians had their information compromised, including 1m social security numbers.
State attorneys general in Connecticut and New York both said today they would investigate the breach.
The suspected hacker was 33-year-old former software engineer Paige Thompson. She appeared in US District Court in Seattle yesterday.
Between 12 March and 17 July, Thompson posted stolen information from the hack on a coding website called Github.
After a fellow member of the website alerted Capital One, police could find and arrest Thompson because her full name was included in the digital address of the page she posted on.
The bank said the incident will cost it between $100m (£82m) and $150m this year as it has to inform customers, monitor credit and offer legal support.
The revelation of the breach saw Capital One’s shares slide four per cent in after-hours trading.
Alex Heid, chief research officer at information security company Securityscorecard, said: “Only a small percentage of those records contained social security information or banking information.”
“Compared to Equifax, this breach does not appear to have had anywhere near the same amount of impact.”
Credit company Equifax is to pay as much as $700m to settle a case after claims it broke the law when a 2017 data breach at the firm saw 147m people have their personal information stolen.
(Image credit: Getty)