NEW YORK: Sard Verbinnen & Co. is advising Capital One on its response to a data breach that compromised the personal information of more than 100 million people in the U.S., according to a source familiar with the matter.
"Capital One immediately fixed the issue and promptly began working with federal law enforcement," the company said on its dedicated web page for the breach.
The hacking resulted in the compromise of the accounts of 100 million Capital One credit-card holders or applicants in the U.S., as well as 6 million in Canada. The compromised information includes 140,000 Social Security numbers, 80,000 linked bank account numbers and 1 million Canadian Social Insurance numbers.
"Importantly, no credit card account numbers or log-in credentials were compromised and less than 1% of Social Security numbers were compromised," Capital One said. "Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual."
The FBI arrested the alleged hacker responsible, Paige Thompson, a Seattle resident and former Amazon systems engineer, on Monday. Law enforcement officials said Thompson "exploited a faulty configuration in Capital One’s firewall to access the company’s secure data and steal personal information of tens of millions of customers," according to the criminal complaint obtained by the Seattle Times.
Capital One is a customer of Amazon Web Services, which allows clients to rent computing and storage power on its servers. Amazon has said AWS "was not compromised in any way."
Sard Verbinnen declined to comment. A Capital One representative could not be reached for additional comment.