The massive data breach announced this week by Capital One did not affect the card issuer's corporate cardholders, the company said. The breach exposed the personal data of more than 100 million consumers in the U.S. and 6 million in Canada. The hacker collected the bulk of that data from consumers and small businesses who applied for Capital One credit card products between 2005 and early 2019.
Capital One's commercial banking division, which operates the company's corporate card products, not including small business cards, was "not impacted" by the breach, according to a company spokesperson.
The compromised information includes names, addresses, email addresses, phone numbers and dates of birth, as well as 140,000 U.S. Social Security numbers and 1 million Canadian Social Insurance Numbers. The hack did not access card numbers or account login information, Capital One said. The company promised to notify affected individuals "through a variety of channels" and offer free credit monitoring and identity protection to those affected.
The hack was allegedly perpetrated by Paige Thompson, a 33-year old Seattle woman who had worked for Amazon Web Services, the cloud hosting company used by Capital One, before the hack occurred. She accessed the data by exploiting a misconfigured application firewall, according to the Justice Department. The FBI arrested Thompson on Monday.