A Capital One Financial data breach left the personal information of six million Canadians compromised, the company revealed Monday.
The company provides Mastercard credit cards for Costco Wholesale’s Canadian retail network and the Hudson’s Bay Company.
The FBI has arrested the alleged hacker, who also reportedly accessed the information of 100 million United States residents, the company said in a press release.
It also apologized over the incident.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Capital One chairman and CEO Richard Fairbank said.
WATCH: How to keep your personal data safe from hackers
Here’s what you need to know about the hack, and how to find out if your account was affected.
Details on compromised information
The information included names, addresses, phone numbers, postal codes, email addresses, birthdates and self-reported income.
Capital One said approximately one million social insurance numbers (SIN) were compromised.
The information exposed in the hack was largely linked to consumers and small businesses that applied for Capital One credit card products between 2005 and early 2019, the company said in a news release.
Also exposed were customer status data, such as credit limits, scores, balances and payment histories.
However, Capital One also said no one’s credit card account numbers or login information was compromised.
“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” it added in the release.
WATCH: Equifax to pay up to $700M to U.S. as result of 2017 data breach
Capital One to contact those affected
Capital One said it will notify affected customers through a variety of ways, but didn’t specify how.
However, it did note that it won’t call individuals about it, so be wary of any calls about the breach. The company also said that customers should be extra mindful of phishing emails due to this incident.
If customers do think they are experiencing phishing emails, they can contact Capital One directly at abuse@capitalone.com
Possible steps to take
Canadians who suspect they may be affected should check their financial accounts for any unusual activity. They can call the number on the back of their credit card for questions about such transactions.
Ann Cavoukian, who works with the Privacy by Design Centre of Excellence at Ryerson University, explained that customers should keep close tabs on activity for several months.
“If you have a Capital One credit card, make sure you scour all of the charges that come in over the next six months to a year, because if you don’t you could become a victim of identity theft,” she said.
Cavoukian also recommended taking up Capital One’s offer for free credit monitoring and identity protection for people who have been affected.
LISTEN: Alex Hamerstone of TrustedSec joins Ryan Jespersen to explain what can be done to protect personal information
Those affected can ask for new credit card numbers as a precaution. However, the government does not issue new social insurance numbers if they’re lost or stolen. It may issue a new SIN if there is proof that it was used fraudulently.
The company will also be posting updates for Canadian customers here.
WATCH: Air Canada customers hacked in cyber attack
Alleged hacker charged
Paige A. Thompson, who uses the online handle “erratic.” was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle.
Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
On June 18, Thompson sent a message on Twitter to another user saying, “I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it.”
The FBI raided Thompson’s residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and “other entities that may have been targets of attempted or actual network intrusions.”
— With files from Global News reporter Jesse Ferreras, The Associated Press and The Canadian Press