Capital One 2019 Data Breach: 106 Million Customer Records Exposed
A former AWS employee exploited a misconfigured web application firewall to access 106 million Capital One customer records stored on AWS.
Data Types Exposed
Response Timeline
March-July 2019: Data exfiltrated through misconfigured firewall
July 17 2019: Tipster alerts Capital One
July 29 2019: FBI arrests Paige Thompson
December 2021: $190 million class action settlement
Detailed Analysis
The Capital One breach was notable for its attack vector: a misconfigured Web Application Firewall on AWS allowed a former AWS employee to exploit a Server-Side Request Forgery (SSRF) vulnerability to access cloud-stored data. Thompson was convicted in 2022.
The breach at Capital One exposed 106 million records through a misconfigured web application firewall (WAF) on AWS, exploited by former AWS employee Paige Thompson. Those affected were 100 million US and 6 million Canadian credit card applicants and customers. The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.
Current status: Paige Thompson convicted in 2022; Capital One settled for $190 million. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a DSAR with Capital One can help you understand what data was exposed and request its deletion.
What To Do If Affected
- Change your password immediately on this service and any accounts using the same password
- Enable two-factor authentication on all critical accounts
- Monitor your credit reports for unauthorized activity
- Consider placing a credit freeze with major bureaus
- File a complaint with your local data protection authority
Frequently Asked Questions
How many records were affected in the Capital One breach?
The Capital One data breach affected 106 million records. Data types exposed include: names, addresses, phone numbers, credit scores, Social Security numbers (140,000), bank account numbers (80,000).
What should I do if I was affected by the Capital One breach?
If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to Capital One requesting deletion of your data.
Is there compensation for Capital One breach victims?
Paige Thompson was convicted in 2022; Capital One settled for $190 million. Check if a class action settlement exists and whether you are eligible to file a claim.