Paige Thompson, 33, was arrested in connection with the breach, the Justice Department said Monday. The department alleges that Thompson “posted on the information sharing site GitHub about her theft of information from the servers storing Capital One data.”
Thompson had previously worked as a tech company software engineer and was able to gain access by exploiting a misconfigured web application firewall, the DOJ said.
“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Capital One CEO Richard Fairbank in a statement.
The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.
However, “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised,” the company said.
Capital One said it will notify people affected by the breach and will make free credit monitoring and identity protection available. The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.
It is not immediately clear if Thompson has an attorney representing her.