SEATTLE — A security breach at Capital One Financial, one of the nation's largest issuers of credit cards, compromised the personal information of about 106 million people, and in some cases the hacker obtained Social Security and bank account numbers.
It is among the largest security breaches of a major U.S. financial institution on record. The bank's stock tumbled 7% Tuesday, the largest single-day decline in four years.
Paige A. Thompson, who uses the online handle "erratic" - was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
Federal agents began tracking Thompson online after being notified by Capital One of a possible breach in July.
The FBI raided Thompson's residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and "other entities that may have been targets of attempted or actual network intrusions."
Capital One said it believes it is unlikely that the information was used for fraud, but the investigation is ongoing.
The data breach involves about 100 million people in the U.S. and about 6 million in Canada.
The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019.
In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One CEO Richard Fairbank. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."