Capital One Data Breach

This Monday, July 22, 2019, photo shows Capital One mailing in North Andover, Mass. Capital One says a hacker got access to the personal information of over 100 million individuals applying for credit. The McLean, Virginia-based bank said Monday, July 29, 2019, it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. (AP Photo/Elise Amendola)

Capital One Financial Corp., the second-largest bank operating in Louisiana by deposits, says 77,000 people in the U.S. had bank information compromised after discovering that a cyber criminal stole personal information of 100 million credit card applicants in one of the largest financial institution hacks on record.

In some cases, the information stolen from credit card applicants was linked to Capital One bank accounts.

It was not immediately clear how many bank or credit card customers in Louisiana might be affected by the breach, and the company did not respond to requests for comment related to Louisiana. The McLean, Virginia-based bank ranks second in Louisiana in market share, based on its roughly $17 billion in deposits from customers across the state as of June 2018. Of that, about $3.4 billion in deposits are in the Baton Rouge metro area, ranking Capital One second in the market; $8.9 billion in the New Orleans area, the largest bank there; and $744 million in Lafayette, fifth-largest there. The bank has 123 branches across the state.

Capital One got its foothold in the Louisiana banking market in 2005 with New Orleans-based Hibernia Corp. At the time, Capital One was a major credit card company on the hunt for a commercial bank to bolster its credit card distribution to compete with major banks that issued credit cards.

The company said it believes it is unlikely that the information from the breach was used for fraud, but the investigation is ongoing.

Capital One was notified by a third party on July 19 that its data had appeared on a code-hosting site. The company notified authorities of the incident. The data breach involves about 100 million people in the U.S. and 6 million in Canada.

The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019, according to the FBI complaint. Capital One told the FBI that the data compromised included 120,000 Social Security numbers. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.

Paige A. Thompson, who uses the online handle "erratic" — was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.

Federal agents began tracking Thompson online after being notified by Capital One of a possible breach.

The bank is offering free credit monitoring and identity protection for people affected. It is expected to notify customers whose personal information was exposed.

The hack is among the largest security breaches of a major U.S. financial institution on record.

In 2017, a data breach at Equifax, one of the major credit reporting companies, exposed the Social Security numbers and other sensitive information of roughly half of the U.S. population.

Last week, Equifax agreed to pay at least $700 million to settle lawsuits over that breach in a settlement with federal authorities and states. The agreement includes up to $425 million in monetary relief to consumers.

Louisiana's attorney general joined other states after the Equifax breach in 2017 and was recently awarded $3 million from Equifax for the state's consumer protection division.

Louisiana Attorney General Jeff Landry's office said it plans to investigate the Capital One breach. 

The Office of the Comptroller of the Currency, which is the regulatory agency that oversees federally chartered banks, declined to comment about the breach and whether the bank is facing civil penalties.

Landry's office suggested consumers beware of "phishing" scams in which scammers may call or email people pretending to be from Capital One to gather vital information; monitor credit card accounts for any suspicious activities or changes; pull credit reports to ensure bogus accounts haven't been opened; freeze credit reports to prevent fraudulent accounts from being opened; and place a fraud alert on credit reports.

His office said to report suspicious charges to the bank and visit www.identitytheft.gov. Credit reports from Equifax, Experian and TransUnion can be checked for free every 12 months by visiting www.annualcreditreport.com. Fraud alerts can be placed on credit reports through Equifax, at (800) 525-6285; Experian, (888) 397-3742; and TransUnion, (800) 680-7289.

Acadiana Business Today: Here's what Capital One customers in Louisiana should know about data breach; St. Martin Hospital launches an $11.2 million expansion

The Associated Press contributed to this story.

Email Kristen Mosbrucker at kmosbrucker@theadvocate.com.