A Capital One bank is pictured on April 17, 2019 in New York City. (Photo by Johannes EISELE / AFP) (Photo credit should read JOHANNES EISELE/AFP/Getty Images)
JOHANNES EISELE/AFP/AFP/Getty Images
A Capital One bank is pictured on April 17, 2019 in New York City. (Photo by Johannes EISELE / AFP) (Photo credit should read JOHANNES EISELE/AFP/Getty Images)
Now playing
01:26
Capital One hack exposes 100 million customers
NEW YORK, NEW YORK - MAY 11: People walk by the New York Stock Exchange after global stocks fell as concerns mount that rising inflation will prompt central banks to tighten monetary policy on May 11, 2021 in New York City. By mid afternoon the tech-heavy Nasdaq Composite had lost 0.6% after falling 2.2% at its session low. (Photo by Spencer Platt/Getty Images)
Spencer Platt/Getty Images
NEW YORK, NEW YORK - MAY 11: People walk by the New York Stock Exchange after global stocks fell as concerns mount that rising inflation will prompt central banks to tighten monetary policy on May 11, 2021 in New York City. By mid afternoon the tech-heavy Nasdaq Composite had lost 0.6% after falling 2.2% at its session low. (Photo by Spencer Platt/Getty Images)
Now playing
02:09
Stocks tumble as concerns grow over Delta variant
A car drives by a Speedway gas station next to the Shell refinery on March 03, 2021 in Martinez, California. Gas prices have increased across the United States to a national average of $2.72 per gallon, an increase of 30 cents from one month ago. Gas in California has an average price of $3.68 per gallon, the highest in the nation. (Photo by Justin Sullivan/Getty Images)
Justin Sullivan/Getty Images
A car drives by a Speedway gas station next to the Shell refinery on March 03, 2021 in Martinez, California. Gas prices have increased across the United States to a national average of $2.72 per gallon, an increase of 30 cents from one month ago. Gas in California has an average price of $3.68 per gallon, the highest in the nation. (Photo by Justin Sullivan/Getty Images)
Now playing
04:01
Gas prices are high. Here's why
Now playing
02:46
The US needs construction workers
BetterUp CEO Alexi Robichaux workplace mental health orig_00023111.png
BetterUp CEO Alexi Robichaux workplace mental health orig_00023111.png
Now playing
03:06
This CEO says leaders need to focus on mental health to boost productivity at work
A driver uses the Didi Chuxing ride-hailing app on his smartphone while driving along the street in Beijing on July 2, 2021. (Photo by Jade GAO / AFP) (Photo by JADE GAO/AFP via Getty Images)
Jade Gao/AFP/Getty Images
A driver uses the Didi Chuxing ride-hailing app on his smartphone while driving along the street in Beijing on July 2, 2021. (Photo by Jade GAO / AFP) (Photo by JADE GAO/AFP via Getty Images)
Now playing
02:13
Didi shares plummet after China bans it from app stores
Now playing
01:26
Meghan McCain announces her departure from 'The View'
Kena Betancur/Mark Ralston/AFP/Getty Images
Now playing
01:35
Meet the 82-year-old woman going to space with Jeff Bezos
YouTube/HyundaiWorldwide
Now playing
02:17
Dancing robot dog teams up with popular K-pop band BTS
In this picture taken on October 18, 2018, a driver working for ride-sharing company Didi follows a map on his smartphone to bring a customer to his destination in Beijing. - Didi is a popular taxi and ride-sharing service in China that is operated via a smartphone app. (Photo by Nicolas ASFOURI / AFP) (Photo credit should read NICOLAS ASFOURI/AFP/Getty Images)
Nicolas Asfouri/AFP/Getty Images
In this picture taken on October 18, 2018, a driver working for ride-sharing company Didi follows a map on his smartphone to bring a customer to his destination in Beijing. - Didi is a popular taxi and ride-sharing service in China that is operated via a smartphone app. (Photo by Nicolas ASFOURI / AFP) (Photo credit should read NICOLAS ASFOURI/AFP/Getty Images)
Now playing
03:42
China's Didi makes NYSE debut
LOS ANGELES, CA - OCTOBER 21: Tucker Carlson speaks onstage during Politicon 2018 at Los Angeles Convention Center on October 21, 2018 in Los Angeles, California. (Photo by Rich Polk/Getty Images for Politicon )
Rich Polk/Getty Images
LOS ANGELES, CA - OCTOBER 21: Tucker Carlson speaks onstage during Politicon 2018 at Los Angeles Convention Center on October 21, 2018 in Los Angeles, California. (Photo by Rich Polk/Getty Images for Politicon )
Now playing
01:18
Tucker Carlson says he's being spied on. His own colleagues don't seem to believe it
(GERMANY OUT) Chevron gas station standing out against the dawning sky after the sunset. (Photo by Dünzl\ullstein bild via Getty Images)
Dünzl/ullstein bild/Getty Images
(GERMANY OUT) Chevron gas station standing out against the dawning sky after the sunset. (Photo by Dünzl\ullstein bild via Getty Images)
Now playing
01:12
Gas prices are expected to spike. Here's why
Now playing
02:06
This July 4th staple will be pricier this year
HBO
Now playing
01:51
John Oliver exposes loophole in US health care system that targets evangelicals
President Joe Biden speaks about infrastructure negotiations, in the East Room of the White House, Thursday, June 24, 2021, in Washington. Vice President Kamala Harris stands at left.
Evan Vucci/AP
President Joe Biden speaks about infrastructure negotiations, in the East Room of the White House, Thursday, June 24, 2021, in Washington. Vice President Kamala Harris stands at left.
Now playing
01:33
How will the bipartisan infrastructure deal be paid?
Now playing
00:56
Watch Yellen warn Congress: This could have 'catastrophic economic consequences'
New York CNN Business —  

In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers’ accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.

A criminal complaint says Thompson tried to share the information with others online. The 33-year-old, who lives in Seattle, had previously worked as a tech company software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using, the Justice Department said. She was able to gain access by exploiting a misconfigured web application firewall, according to a court filing.

Thompson was arrested Monday in connection with the breach, the Justice Department said. Thompson’s attorney could not be immediately reached for comment.

The Capital One hack

Capital One (COF) said the hack occurred March 22 and 23 and includes credit card applications as far back as 2005. The company indicated it fixed the vulnerability and said it is “unlikely that the information was used for fraud or disseminated by this individual.” However, the company is still investigating. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Capital One (COF) CEO Richard Fairbank in a statement.

The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.

However, “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised,” the company noted.

Capital One said it will notify people affected by the breach and will make free credit monitoring and identity protection available. The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.

Capital One’s stock was down 5% in premarket trading Tuesday.

How Capital One got hacked

The criminal complaint against Thompson paints a picture of a less-than-careful suspect.

Thompson posted the information on GitHub, using her full first, middle and last name, the complaint says. She also boasted on social media that she had Capital One information.

In a channel on Slack, a chat service often used by businesses as well as other groups, Thompson explained the method she used to break into Capital One, the Justice Department alleges. She claimed to use a special command to extract files in a Capital One directory stored on Amazon’s servers.

“I wanna get it off my server that’s why Im archiving all of it lol,” Thompson allegedly posted on Slack. One person was alarmed by what Thompson found, writing that the information was “sketchy,” adding, “don’t go to jail plz.”

Thompson made little effort to disguise her identity. She allegedly used the screen name “erratic” on Slack, which was the same handle she used on a Twitter account and a Meetup chatroom page.

The FBI special agent who investigated Thompson believes Thompson tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.

One person who saw the information on GitHub notified Capital One of the “leaked data” belonging to the company. Capital One notified the FBI, and an agent searched Thompson’s residence on Monday. They found devices in her possession that reference Capital One and Amazon as well as other entities that may have been targets of attempted — or actual – breaches.

The complaint indicates Thompson “recognizes that she has acted illegally.”