Capital One Breach: Company Says No Social Security Numbers Compromised, Except 'About 140,000' That Were

Capital One's statement about a recently exposed data breach that compromised user information of more than 100 million people in the U.S. and 6 million in Canada appeared to downplay the significance of the security failure.

"No bank account numbers or Social Security numbers were compromised, other than: about 140,000 Social Security numbers of our credit card customers" and "about 80,000 linked bank account numbers of our secured credit card customers," the company wrote in its Monday night statement about the breach. "For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident."

Paige Thompson, a 33-year-old living in Seattle, has been accused of breaking into the company's servers between March 12 and July 17. Capital One said it became aware of the breach on July 19.

The Capital One statement noted that no credit card account numbers or login credentials were compromised and that 99 percent of Social Security numbers were not either. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," CEO Richard D. Fairbank said in the statement. The company said it expected the incident to cost between $100 and $150 million.

The Capital One breach is just the latest in a series of attacks that have compromised vast amounts of personal information in recent years, illuminating the vulnerability of sensitive user data.

Target paid $18.5 million after a 2013 breach exposed customer information, including names and credit card numbers, of tens of millions of people. Home Depot paid $25 million in damages after a 2014 breach exposed data from 50 million people. Uber had a 2016 data breach expose the personal information of 57 million customers and names and driver's license information of 600,000 U.S. drivers. Marriott suffered a breach that exposed 339 million global guest records between 2014 and 2018, which was discovered in November 2018. Earlier this month, Equifax agreed to pay at least $575 million in fines over a massive data breach in 2017, which exposed the credit files of 147 million Americans.

"Whether it was this breach, the Equifax breach, Marriott, Target, The Home Depot ... there have been so many that you need to assume your personal data has already been compromised. This surely won't be the last, so take defensive actions now. Freeze your credit, change your passwords and monitor your credit reports for anything that looks suspicious," industry analyst Ted Rossman told Newsweek in an emailed statement. "The number one thing consumers should do to protect their identities is to freeze their credit by contacting Equifax, Experian and TransUnion."

Capital One
An American flag flies above the Capital One Bank Headquarters in New York on April 17. OHANNES EISELE/AFP/Getty Images