NBC BAY AREA -- Capital One Financial announced late Monday it had learned of a data breach that it says involves the personal information of more than 100 million customers.
In a statement to news media, the credit card giant said it learned of the problem on July 19, and acted quickly to prevent further exploitation.
"Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement," the company said in its statement. "The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate."
The story was first reported by Bloomberg News, which cited court documents indicating the suspected hacker is a Seattle woman. The Bloomberg report said federal prosecutors determined the woman illegally accessed Capital One data between March 12 and July 17.
Capital One said it estimates at least 100 million Americans are affected by the breach, with 6 million more customers in Canada also involved.
The company said most of the stolen information was taken from credit card applications filed by individuals and small business owners between 2005 and 2019. It said the stolen data includes names, addresses, phone numbers, dates of birth, and income. Capital One also said about 140,000 customers' Social Security Numbers were accessed, along with 80,000 linked bank account numbers.
Capital One said it will directly notify affected customers of the breach, and it will offer free credit monitoring and identity protection.
Capital One established a website for customers with questions or concerns, which can be found here: https://www.capitalone.com/facts2019/