The largest category of information accessed was information on consumers and small businesses as of the time they applied for credit card products from 2005 through early 2019. This information included personal information that Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income. Beyond the credit card application data, the individual also obtained portions of credit card customer data, including customer status data (e.g., credit scores, credit limits, balances, payment history, contact information) and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018. 

The U.S. Department of Justice alleges the hack to be the work of a single woman: a Seattle-based tech worker who used her knowledge of cloud services to take advantage of a misconfigured firewall to access the data (research from IBM has found that configuration errors are responsible for 70 percent of compromised records). The tech worker, Paige Thompson, 33 years old, is said to have posted about the intrusion on the site GitHub, where another user noticed the post and alerted the authorities. On Monday, FBI agents executed a search warrant at her home and seized electronic storage devices containing a copy of the data. Thompson herself was detained pending a hearing on Aug. 1. 

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank , chairman and CEO of Capital One. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."