Also on Monday, the alleged hacker, identified as Paige A. Thompson, was arrested by federal agents in Seattle, according to a published report.
The breach would be considered among the largest involving a big bank. In a press release, Capital One said the hack affected approximately 100 million individuals in the U.S. and approximately 6 million in Canada.
No credit card account numbers or log-in credentials were compromised and more than 99% of Social Security numbers were not compromised, the company said. The largest category of information accessed was information on consumers and small businesses as of the time they applied for a credit card products from 2005 through early 2019. That information would have included names, addresses, zip codes, phone numbers, email addresses, dates of birth, and self-reported income and some credit card customer and transaction data.
The company said it would notify affected customers and provide free credit monitoring and identity protection available to those affected.
A story in the online edition of The Wall Street Journal, citing people familiar with the matter, reported Thompson is a former employee of Amazon Web Services Inc., the cloud-computing division of Amazon (AMZN - Get Report) . The Journal also reported that a lawyer for Thompson, who was arrested Monday and appeared in Seattle federal court for an initial hearing, didn't immediately respond to a request for comment.
The incident is expected to cost the bank approximately $100 million to $150 million, the company said.
Shares of Capital One were down 3.92, or 4%, to $93. in after-hours trade. The stock closed Monday down 1.18% at $96.92.