The personal details of about 106 million individuals across the US and Canada were stolen in a hack targeting Capital One systems, the company has revealed.
The announcement came after the alleged hacker was arrested on Monday.
According to Capital One, the data included names, addresses and phone numbers of people who applied for its credit card products.
But the hacker did not gain access to credit card account numbers, it said.
How many people have been affected?
Capital One said in a statement released on Monday that the breach affected approximately 100 million in the US and 6 million in Canada.
The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.
In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.
- British Airways faces record £183m fine for data breach
- Equifax to pay up to $700m to settle data breach
The hack was identified on July 19.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the company’s infrastructure.
Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.
How has Capital One reacted?
Capital One said it was unlikely the information was used for fraud but they would continue to investigate the breach.
The company will notify those affected and will provide them with free credit monitoring and identity protection.
Richard D. Fairbank, chairman and CEO of the company, said in a statement: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.
“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right. “
What do we know about the alleged hacker?
The US Justice Department has confirmed they have arrested a former Seattle technology company software engineer in connection with the breach.
Paige Thompson, 33, was arrested on Monday on charges of computer fraud and abuse. She appeared in federal court in Seattle.
She is due to appear in court on 1 August.
Ms Thompson faces a maximum sentence of five years in prison and a $250,000 (£204,713) fine.