Capital One 2019 Data Breach
| Company | Capital One |
|---|---|
| Breach Date | March 22, 2019 |
| Disclosure Date | July 29, 2019 |
| Records Affected | 100 million |
A former Amazon Web Services employee exploited a misconfigured firewall to steal data on 100 million Capital One credit card customers and applicants.
What Happened
Paige Thompson, a former AWS employee, exploited a misconfigured web application firewall to access Capital One's cloud-stored data. She posted about the hack on GitHub and social media, leading to her arrest.
The breach exposed one of the largest collections of banking data ever stolen, including SSNs and linked bank account numbers.
What Data Was Exposed
- Social Security numbers - 140,000
- Bank account numbers - 80,000
- Names and addresses
- Credit scores
- Credit limits
- Balances
- Payment history
- Contact information
- Transaction data
Who Is Affected
100 million individuals in the US and 6 million in Canada who applied for or held Capital One credit cards.
How to Check If You Were Affected
Capital One notified affected individuals directly. Contact Capital One customer service to verify your status.What You Should Do Now
- Freeze your credit
- Monitor your Capital One accounts
- Enroll in free credit monitoring offered by Capital One
- Change your Capital One password
- Watch for tax fraud if SSN was exposed
- Review bank statements for unauthorized activity
Last updated: January 20, 2026
Protect Yourself After a Data Breach
When your data is exposed in a breach, acting fast is critical. Here's how to lock down your identity:
- Get identity theft protection — monitors your credit, SSN, and dark web exposure 24/7
- Set up credit monitoring — catch unauthorized accounts before they damage your score
- Remove your personal info from data brokers — reduce your exposure to future attacks
- Run a free dark web scan — check if your email appears in known breaches