Capital One has announced a data breach that has exposed the personal information of 106 million people that includes transaction data, credit scores, payment history, balances, and for some, linked bank accounts and social security numbers.
The data breach was discovered when a ethical hacker responsibly disclosed the vulnerability to Capital One on July 17th 2019. After performing an internal investigation of whether this vulnerability had been used in the past, Capital One discovered that an unauthorized used had access their systems and customer data between March 22nd and 23rd of 2019
"On July 19, 2019, we determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for credit card products and Capital One credit card customers", Capital One stated in a data security incident notice. "This occurred on March 22 and 23, 2019."
After seeing what large data breach announcements have done to the stock prices for other companies, Capital One is using the security incident notice to allay the fears of their investors.
According to Capital One this incident is expected to generate costs of approximately $100 to $150 million in 2019 due to customer notifications, free credit monitoring services, security improvement costs, and legal fees, but they do have insurance. More detail about the arrest at Bleepingcomputer.