Capital One said a hacker gained access to more than 100 million of its customer accounts and credit card applications earlier this year.
Among other information, the compromised data included some Social Security numbers.
The Department of Justice said Monday that Paige Thompson, 33, was arrested in connection with the breach. The department alleges that Thompson “posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data.”
Thompson was able to gain access by exploiting a misconfigured web application firewall, the DOJ said.
Connecticut Attorney General William Tong said in a statement, “As we saw with Equifax, failure to properly secure personal information has consequences — for both consumer victims and corporations. When corporations fail to take reasonable security measures, they must be held accountable. My office has initiated a review of the circumstances of this latest breach and is prepared to take action if warranted.”
Capital One indicated it fixed the vulnerability and said it is “unlikely that the information was used for fraud or disseminated by this individual.” However, the company is still investigating.
The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.
However, “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised,” the company said.