How an ex-Amazon Web Services tech Exposed Personal Information's in Capital One Breach

Posted on by David Lukic in Data Breaches February 11, 2021

If you have read the news lately, you have heard about the capital one breach latest bank hack, which affected over 100 million Capital One customers.  The hacker, Paige Thompson (33), an ex-Amazon Web Services tech, was able to exploit a vulnerability in Capital One’s server firewall and steal millions of credit applications going back to 2005 up to 2019. The data stolen was personal information like names, addresses, income sources, dates of birth, phone numbers, email addresses, and social security numbers. Capital One states that no credit card numbers were stolen in capital one cyber incident. Additionally, Capital One reports that some additional types of information were stolen such as:

  • “Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information.
  • Fragments of transaction data from a total of 23 days during 2016, 2017, and 2018.
  • About 140,000 Social Security numbers of our credit card customers.
  • About 80,000 linked bank account numbers of our secured credit card customers.”

When Was the Capital One Breach?

The Capital One data breach occurred on March 22nd and 23rd of this year.  Capital One discovered the incident on July 19, 2019 and worked closely with the FBI to catch the criminal and recover the data. The FBI believes that none of the information was used for fraud or identity theft.

Capital One Data breach of 2019 How to Check If you were Breached

The first thing to consider is, are you affected by the Capital One data breach of 2019 and what to do about it.
Capital One has identified the affected parties and alerted them via mail if their bank account numbers or social security numbers were included in the data breach. Some Canadian customers were also affected, and they were alerted through mail as well. Capital One has not set up any websites or tools to check to see if you were affected. They are informing customers themselves, but you could contact them by phone to make sure your accounts are safe.

capital one breach

What to Do if Your Victim of Capital One Breach

Although Capital One and the FBI are assuring customers that none of the data was used for fraud, you may still want to explore a Capital One data breach 2019 check by contacting them and reviewing your credit reports with each of the credit reporting agencies. To get a copy of your credit report use this link: You can also contact each agency easily using the numbers  below:

  • Equifax : 1-800-525-6285; Equifax Information Services LLC, P.O. Box 105069, Atlanta, GA 30348-5069.
  • Experian : 1-888-EXPERIAN (397-3742); P.O. Box 9532, Allen, TX 75013.
  • TransUnion : 1-800-680-7289; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016.

Any Lawsuits and Settlements for Capital One Breach?

Currently, there are no lawsuits or Capital One data breach 2019 settlements, but Capital One is offering all customers TransUnion credit monitoring for two years. You can sign up for this service by contacting TransUnion directly or call Capital One at 1-844-388-8999.

Can My Information from Capital One Security Breach be Used for Identity Theft?

Even without being exposed to a data breach, your information may be stolen and used for identity theft. The perpetrator of this Capital One data breach posted some of the information online and tried to sell it but was caught before doing so. Even with reassurances by Capital One and the FBI, your personal details could have been leaked to someone with the intent of using it to defraud you. Be on the watch for phone calls or phishing emails in connection with Capital One breach. Capital One will only contact you by mail if you were affected.

capital one breach 2019

What to Do to Protect Yourself

The best protection for this type of incident is to sign up for credit monitoring and watch your accounts closely. Additional tips to stay safe are:

  • Change your bank and credit card login passwords often (and use complex combinations of letters, numbers, and symbols). 
  • Another option is to put a credit freeze on your accounts so no new accounts can be opened in your name with your express permission.
  • If you receive any suspicious emails that look like they came from Capital One, forward them to Do not open any attachments or click any links. 
  • If you think you have been a victim of fraud, contact banks or credit cards and report it. Have your credit card numbers and PINs changed as well.
Watch out for scams and visit the Capital One website for any updates or additional information.
About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in the fina... Read More

What is an Accidental Web Exposure and How to Prevent Data Leakage

Data breaches take many forms, and one of them is through accidental web exposure and data leakage. Milli... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, 2015 an... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. What start... Read More

Scan Your Records for Breaches, Leaks & Exposures!