Shares of the McLean, Va., company declined 7.32% at $89.83.
The hacker has been identified by authorities as Paige A. Thompson. She was arrested Monday and appeared in Seattle federal court for an initial hearing.
The Times reported that AWS hosted the Capital One database that was breached.
An Amazon spokesman told the Seattle Times that Thompson last worked for Amazon in 2016 and that the data wasn't accessed through a vulnerability in AWS's systems.
In a news release Monday, Capital One said the hack affected some 100 million individuals in the U.S. and 6 million in Canada.
No credit-card-account numbers or log-in credentials were compromised and less than 1% of Social Security numbers were compromised, the bank said.
The largest category of information accessed regarded consumers and small businesses as of the time they applied for credit-card products from 2005 through early 2019.
That information would have included names, addresses, zip codes, phone numbers, email addresses, dates of birth, and self-reported income and some credit-card customer and transaction data.
The bank said it fixed the vulnerability in its systems and would further strengthen its cyber defenses.
Regarding its customers and applicants, Capital One said it would notify the people affected by the breach and would provide them with free credit monitoring.
In addition, media reports suggested that customers of the bank check their statements and report any suspicious activity to the bank.
They also suggested that customers change their passwords. And through the major credit-reporting companies -- Experian, Equifax and TransUnion -- customers should freeze their credit accounts.
The bank said it expected the incident to cost it $100 million to $150 million.
Save 76% with our Summer Break Sale. Subscribe to our premium site Real Money and become a smarter investor! Click here today to sign up!