New York Attorney General Letitia James has already opened up an investigation into the Capital One data breach, she announced Tuesday — less than 24 hours after the company revealed the massive hack.
The breach exposed the personal information of approximately 100 million people in the U.S. and six million people in Canada. The information that was stolen included 80,000 bank account numbers and 140,000 Social Security numbers.
“Today, 100 million consumers across America are wondering if they were unfortunate enough to be a victim of the most recent data breach,” James said in a statement. “Though Capital One’s breach was internal, the fact still remains that safeguards were missing that allowed for the illegal access of consumers’ names, Social Security numbers, dates of birth, addresses, and other highly sensitive, personal information.”
She also added, “It is becoming far too commonplace that financial institutions are susceptible to hacks, begging the questions: Why do these breaches continue to take place? And are companies doing enough to prevent future data breaches?”
Former Amazon Web Services (AWS) employee Paige A. Thompson was arrested on Monday over the hack. Capital One uses Amazon Web Services for its cloud database. Federal authorities said Thompson stole data back in March and discussed the hack on Twitter, Slack, and on a Meetup group. An Amazon spokeswoman told Digital Trends that Thompson had not worked for AWS for about three years, and that the vulnerability she exploited was on Capital One’s website.
The Capital One breach is already among the largest financial services hacks in history. The Equifax data breach in 2017, which involved 147 million people’s data, was the largest. James was also involved in investigating the Equifax breach, leading a coalition of 50 attorneys general. The Federal Trade Commission announced a $700 million settlement over the Equifax breach on July 22.
Capital One has released guidelines and FAQ answers about what to do if you were affected by the hack. The company will be notifying customers who were affected by the breach, but not through phone or email for safety concerns. You can still protect yourself from the fallout of the data breach by signing up for a credit monitoring or identity protection service.
Digital Trends reached out to Capital One for comment on the New York investigation, but we have yet to receive a response.