A hacker swiped credit card applications, social security numbers and bank account information. the bank affected more than 100 million people from the Capital One server, the bank announced on Monday. Authorities say they arrested a suspected Seattle software engineer Paige Thompson after she posted about the incident on social media, reports the New York Times.
"I basically got caught with a bomb vest, dropped capital that is dox and admitted it," Thompson allegedly told Slack, prosecutors say.
Her posts on the social network Meetup first notified the FBI after the July 19 break, according to the New York Times. There, Thompson ran a group called the Seattle Warez Kiddies for "anyone with an award for distributed systems, programming, hacking, cracking." From that point, they tracked her online activity to other Twitter and Slack accounts where she allegedly boasted about the hacking . .
Thompson is charged with computer fraud and abuse, with a maximum sentence of $ 250,000 and up to five years in prison, the BBC reported.
According to court documents, the FBI says the hacker used a "firewall misconfiguration" to break the bank's server. Capital One attributed the incident to an exploited "configuration vulnerability", saying that the hacker managed to fix 140,000 social security numbers and 80,000 bank account numbers. In total, the heist compromised information that affected about 100 million people in the United States and another 6 million in Canada.
The bank's CEO, Richard D. Fairbank, apologized for the incident in a statement Monday.
"I am deeply sorry for what has happened," Fairbank wrote. "I sincerely apologize for the understandable concern this incident has caused to those affected and I am committed to doing it right."
In the wake of the data breach, Capital One offers free credit monitoring and identity protection to all concerned.