Woman arrested after massive credit card data theft online

The personal details of about 106 million individuals across the US and Canada were stolen in a hack targeting financial services firm Capital One, the company has revealed.

The announcement came after the alleged hacker was arrested on Monday.

Paige Thompson, 33, a former Seattle technology company software engineer, was nabbed by FBI agents after she boasted about the data theft -- one of the biggest to hit a financial services company -- on the information sharing site GitHub, authorities said.

"The intrusion occurred through a misconfigured web application firewall that enabled access to the data," a statement by the US attorney's office in Washington said.

"On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft."

According to Capital One, the data included names, addresses and phone numbers of people who applied for its credit card products.

But the hacker did not gain access to credit card account numbers, it said.

Capital One is a major credit card issuer in the US and also operates retail banks.

The firm said in a statement released on Monday that the breach affected approximately 100 million individuals in the US and 6 million people in Canada.

The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.

In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.

The hack was identified on 19 July.

Capital One said the hacker was able to "exploit" a "configuration vulnerability" in the company's infrastructure.

Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.

Capital One said it was unlikely the information was used for fraud but it would continue to investigate the breach.

The company will notify those affected and will provide them with free credit monitoring and identity protection.

Chairman Richard Fairbank said in a statement: "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

"I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right."