Capital One Financial shares fell Tuesday, a day after the disclosure of a data breach that impacted about 100 million individuals in the U.S.
The company said Monday night it discovered the breach on July 19, and that the Social Security numbers of about 140,000 credit card customers were compromised along with 80,000 bank account numbers. The breach also exposed names, addresses, phone numbers and credit scores, among other data.
“Based on our analysis to date, this event affected approximately 100 million individuals in the United States, ” Capital One said, but noted that credit card numbers and log-in credentials were not impacted. Overall, the breach could cost Capital One between $100 million and $150 million in 2019, the bank said.
Capital One shares skidded 6.1%.
“This headline is not good one for Capital One,” said RBC Capital Markets analyst Jon Arfstrom said in a note to clients. “We worry about longer term reputational damage and also the potential for political and regulatory actions, including penalties.”
The FBI arrested Paige A. Thompson of Seattle, accusing her of computer fraud and abuse. The FBI said in court documents Thompson was investigated for “exfiltrating and stealing information, including credit card applications and other documents, from Capital One.”
Capital One said the breach was possible because of a “specific configuration vulnerability in our infrastructure.” The bank’s web services are primarily hosted by Amazon Web Services, which is Thompson’s former employer.
“Given the amount of tech investment and conversation that revolves around tech and innovation and the underlying perception of being ahead of the tech game compared to peers in the business, we are a bit surprised that a single individual could penetrate COF’s defenses and gain access to so many accounts,” Oppenheimer analyst Dominick Gabriele wrote in a note. “Short term we think this is a bit of a pride blow and could cause a short-term perception problem, but people will eventually move on.”