Capital One has confirmed it suffered a major data breach earlier in the year, with more than 100 million customers in the US and Canada affected.
In a statement, the bank reveals that it didn't discover the security incident until July 19 – roughly four months after it occurred.
The person responsible for the hack has been named as Seattle software engineer Paige Thompson by multiple outlets, including the New York Times.
She has now been arrested and is in custody, having been caught after bragging about her involvement online.
What was stolen and what can Capital One customers do?
Capital One says it doesn't believe any of the information obtained in the breach was used for fraud purposes or distributed online.
Nevertheless, the scope of the hack is alarming.
As well as personal information like the names, addresses, and phone numbers of the bank's customers, Capital One admitted that sensitive financial information was also accessed.
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
- About 140,000 Social Security numbers of credit card customers
- About 80,000 linked bank account numbers of secured credit card customers
- Approximately 1 million Social Insurance Numbers (for Canadian users)
If you've been hit by the breach, Capital One says it will notify you directly and offer further advice.
The bank has promised free credit monitoring and identity theft protection services to those affected, adding it will "further strengthen" its cyber security defenses in the wake of the hack.
Short of moving banks, this means that there's not much Capital One customers can do – other than to look out for an email, letter, or phone call from the bank.
In a broader sense, a couple of tips would be to consider investing in some solid internet security software, or look at the best computer protection software, which specifically focuses on programs designed to help prevent identity theft.