A former Amazon employee hacked the credit card data of 100 million Americans

New York state has launched an investigation into what happened at Capital One.

A hacker obtained private credit card data on 100 million Americans in a massive data breach that on Tuesday became the subject of a new probe by the state of New York.

The bank Capital One disclosed that in March, a hacker breached its infrastructure and accessed personal information, including 140,000 of its customers’ and applicants’ Social Security numbers. About 80,000 bank account numbers of its credit card holders were also exposed.

Another 6 million people in Canada had their data leaked, including 1 million Social Insurance Numbers, which are similar to American Social Security numbers, and just as sensitive.

For now, Capital One says it plans to notify all who are affected by the breach, and to extend free credit monitoring and identity protection services to its customers — table stakes when there’s a massive hack. Your options when it comes to protecting yourself from these breaches are limited. But experts generally recommend staying vigilant, considering a credit freeze or credit lock, and monitoring your accounts closely for any unusual activity.

Capital One, which did not announce the leak until 10 days after the discovery of the incident, said it had worked with the FBI to apprehend the hacker, who is reportedly a former employee of Amazon.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard Fairbank, the bank’s CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

But the breach is already drawing further scrutiny. Sen. Ron Wyden (D-OR) used it to push his new consumer privacy bill.

New York Attorney General Letitia James said her office was beginning an “immediate investigation” into what happened.

“It is becoming far too commonplace that financial institutions are susceptible to hacks, begging the questions: Why do these breaches continue to take place? And are companies doing enough to prevent future data breaches?” she said in a statement. “We cannot allow hacks of this nature to become everyday occurrences.”

But the reality is that they are. Most notably, 150 million Americans saw their sensitive data leaked in a hack of the credit reporting company Equifax in 2017. In recent years, the data of hundreds of millions of people has been leaked or hacked from companies like Marriott, Facebook, and Yahoo — whose hack ended up compromising more than 3 billion accounts when all was said and done.
