“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement.
“The FBIhas arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate,” the company said in a statement late Monday.
The data leak affected approximately 100 million individuals in the US and approximately 6 million in Canada.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO, Capital One.
“I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”
However, no credit card account numbers or log-in credentials were compromised and over 99 per cent of Social Security numbers were not compromised, claimed the company.
Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the infrastructure.