The bank says that Thompson obtained 140,000 Social Security numbers from USA citizens, and about 1 million Social Insurance numbers from Canadian citizens, as well as bank account information for 80,000 US credit card customers using secured credit cards.
Capital One revealed an outside hacker accessed personal information relating to the personal information of pre-existing credit card customers as well as those who had applied for a card. The breach went unnoticed by Amazon and Capital One.
Capital One has assured the investors that they will improve operational efficiency, but despite that, the sizable damage has impacted its reputation.
The FBI special agent who investigated Thompson believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.
James' office had co-led the lawsuit against Equifax, after its 2017 breach, along with 49 other state attorney generals, resulting in the largest data breach settlement in history, with a potentially $700 million payment.
The company said information from about 100 million Americans and 6 million Canadians was stolen in the intrusion.
Capital One was contacted on July 17 by an anonymous individual alleged that the leaked data which was later discovered to belong to Thompson had been posted GitHub, a website used by software engineers to post and collaboratively develop digital projects. "Only" 140,000 social security numbers and "only" 80,000 bank account numbers for United States customers, plus about 1 million Canadians' social insurance numbers were compromised.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened", said Capital One CEO Richard Fairbank in a news release. She will remain in jail pending a detention hearing on Thursday. "I sincerely apologize for the understandable worry this incident must be causing those affected".
Anyone targeted in the breach will be notified, and Capital One will pay for free credit monitoring.
"Whenever personal information is stolen, it can put consumers at risk of identity theft", says Sara Rathner, a travel and credit cards expert for NerdWallet.
Personal information is out there now, and the company is working to protect anyone who might have been affected.
The company will also be posting updates for Canadians customers here.
The breach will cost the firm between $100 million and $150 million in 2019, the company said, citing costs related to customer notifications, credit monitoring, technology costs and legal support.