DENVER — Although the company said it has fixed the problem and the FBI arrested the person allegedly responsible, Capital One Financial Corporation announced Monday that on July 19 someone gained unauthorized access to personal information that affected about 100 million people in the U.S. and 6 million in Canada.
No credit card account numbers or log-in credentials were affected, and more than 99 percent of the company’s social security numbers were not compromised, according to a news release from Capital One.
According to the news release, the company believes the person likely didn’t use the information for fraud, nor did they release the information.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO of Capital One. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Most of the information accessed was records of consumers and small businesses at the time they applied for a credit card product from 2005 through early 2019, according to the release, which includes names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.
The person also obtained credit scores, credit limits, balances, payment history, contact information and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
About 140,000 social security numbers and about 80,000 bank account numbers were also obtained by the person.
“We will notify affected individuals through a variety of channels,” the news release stated. “We will make free credit monitoring and identity protection available to everyone affected.”
The investigation is ongoing, according to the release.