A Capital One data breach has reportedly made the private information of more than 100 million credit card applicants vulnerable.
According to a New York Times article from late July, a Seattle software engineer who used to work for Amazon Web Services bragged about her hacking abilities online, sparking an investigation into the data breach and her eventual arrest. Amazon reportedly hosted the Capital One database, but the company said that due to Capital One’s size, the bank built its own web applications that Capital One fully controlled.
In a press release, Capital One said it “immediately fixed the configuration vulnerability” upon identifying the problem, which reportedly consisted of a misconfigured web application firewall.
Capital One also released a statement saying, “Based on our analysis to date, we believe it is unlikely the information was used for fraud or disseminated by this individual.”
Allegations Software Engineer Committed Capital One Data Breach
According to to CNN Business, Paige Thompson, 33, was arrested and charged with one count of computer fraud and abuse for allegedly exposing 140,000 Social Security numbers and 80,000 bank account numbers with names, addresses, phone numbers and email addresses of U.S. and Canadian citizens who had applied for credit cards as far back as 2005. She allegedly committed the hack on March 22 and 23 of this year.
Court documents indicate Thompson attempted to share the information online, where she made little effort to hide her identity. She posted on GitHub, which is an online community of software developers and offers a cloud-based service to store files. She used her first, middle and last name on GitHub, according to the criminal complaint.
She also reportedly posted on social media sites that she had captured information from Capital One and even explained how she did it on Slack, a work collaboration site that includes the ability to chat with others.
She went by the screen name “erratic” on Slack and on her Twitter account, where she allegedly tweeted that she wanted to share Social Security numbers, full names and dates of birth, according to one FBI special agent.
Despite her apparent casual demeanor and little attempt to hide her identity, Thompson “recognizes that she has acted illegally,” notes the complaint.
Capital One and GitHub Face Lawsuit
A class action lawsuit already has been filed against Capital One and GitHub, accusing both companies of negligence in regards to their response to the Capital One data breach.
Capital One reportedly didn’t know of the breach until July 19, but the class action lawsuit contends the bank should have known at the time the data was accessed in March. The lawsuit alleges the bank should have responded to the breach must sooner.
According to the complaint, GitHub was criticized for not monitoring content and for failing to recognize and act upon the fact that hacked data was on its website for almost 90 days.
In a statement released to The Hill, GitHub’s spokesperson responded to the data breach lawsuit, saying “the file posted to GitHub did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information. We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving the request.”
Join a Free Capital One Data Breach Lawsuit Investigation
If you applied for a Capital One credit card between 2005 and 2019 in the United States or Canada, you may may qualify to join this Capital One data breach class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2025 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
NEC lawsuit: Families take action against Enfamil and Similac baby formula makers
September 10, 2025 | Legal News
25 thoughts onCapital One Data Breach Affects Millions and One Lawsuit Already Filed
Please add me.
Please add me I was contacted by Capital one that my info was compromised and was given a file number.
Hello TCA, After receiving a letter from Capital One offering me credit monitoring after the breach last year, I am very upset that this keeps happening, so I would like to see how I can be added to this lawsuit, ASAP!!!
Thank You for your kindness and help in this matter.
I was notified by capital one through snail mail that I was one of the elite 80,000 who’s bank account and s.s. numbers were also stole. (I really think us 1%er’ s should get a separate lawsuit going). My info has shown up on dark web almost every month since the breach. What a time consuming, pain in the butt it’s been, changing accounts and everything. Have 2 cards and an auto loan through cap one-i don’t want to miss out on anything.