Capital One 2019 Data Breach
| Company | Capital One |
|---|---|
| Breach Date | March 22, 2019 |
| Disclosure Date | July 29, 2019 |
| Records Affected | 100 million |
A former Amazon Web Services employee exploited a misconfigured firewall to steal data on 100 million Capital One credit card customers and applicants.
What Happened
Paige Thompson, a former AWS employee, exploited a misconfigured web application firewall to access Capital One's cloud-stored data. She posted about the hack on GitHub and social media, leading to her arrest.
The breach exposed one of the largest collections of banking data ever stolen, including SSNs and linked bank account numbers.
What Data Was Exposed
- Social Security numbers - 140,000
- Bank account numbers - 80,000
- Names and addresses
- Credit scores
- Credit limits
- Balances
- Payment history
- Contact information
- Transaction data
Who Is Affected
100 million individuals in the US and 6 million in Canada who applied for or held Capital One credit cards.
How to Check If You Were Affected
Capital One notified affected individuals directly. Contact Capital One customer service to verify your status.What You Should Do Now
- Freeze your credit
- Monitor your Capital One accounts
- Enroll in free credit monitoring offered by Capital One
- Change your Capital One password
- Watch for tax fraud if SSN was exposed
- Review bank statements for unauthorized activity
Last updated: January 13, 2026