Capital OneUS-based Capital One Financial Corporation on Tuesday reported a data breach affecting about 106 million users including certain existing Capital One credit card customers and customers who had applied for its credit card products.

Personal data of about 100 million users in the United States and about 6 million users in Canada was compromised, following an unauthorized access by an individual outside the company, Capital One Financial said in a statement.

“The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” the company said, adding that further investigations are under way.

Personal data including addresses, phone numbers, credit scores, credit limits, balances, some transaction data, among other things were compromised. About 140,000 social security numbers, about 80,000 linked bank account numbers of credit card customers and about 1 million social insurance numbers of Canadian credit customers were breached.

Most of the data accessed in the breach, that took place between March 22-23, were of consumers and small businesses who had applied for the company’s credit card products from 2005 through early 2019.

However, credit card account numbers, log-in credentials and more than 99 percent social security numbers were not compromised, the company headquartered in McLean, Virginia said.

The company expects the incident will lead to an incremental cost in the range of $100-$150 million this year, largely due to customer notifications, credit monitoring, technology costs, and legal support.

The company said it will notify the affected individuals and will make free credit monitoring and identity protection available to affected users.

by Krishna V Kurup
Senior Market Analyst at IBS Intelligence