Capital One joins a growing list of companies suffering through a significant consumer data breach.
On Monday, the financial company revealed it had discovered a hacker had gained access to the personal information of more than 100 million of its credit card customers and card applicants in the U.S. and Canada.
Capital One said the information exposed included names, addresses and emails along with credit scores and fragments of transaction data. In some cases, Social Security numbers and linked bank accounts of secured credit card customers were also compromised.
Former software engineer Paige A. Thompson, 33, was arrested and charged with computer fraud and abuse, the Justice Department said in a statement Monday.
The Capital One breach is among several in recent years leaving consumer data vulnerable to hackers. Here’s a look at some of the biggest confirmed breaches:
Capital One data breach: What you need to know
Breach fallout: How to protect yourself
What happened? In 2016, as it was negotiating an acquisition by Verizon, the internet pioneer disclosed that users’ IDs and email addresses were compromised. A year later, after Verizon acquired the company, it learned the breach had impacted all Yahoo users.
How big was the breach? 3 billion accounts
The aftermath: Verizon ended up shaving off part of its $4.5 billion price tag for Yahoo as a result of several data breaches. Four people, including two Russian intelligence officers, were charged. In April, Reuters reported that Yahoo reached a $117.5 million settlement..
2. Yahoo! (again)
What happened? In a separate 2014 incident revealed two years later, Yahoo said information from at least half a billion accounts was stolen. The information taken included email addresses, phone numbers, and even unencrypted security questions and answers.
How big was the breach? 500 million users
The aftermath: On top of the discounted price on its deal with Verizon and the arrests, the company faced multiple lawsuits over its failure to protect users’ data.
What happened? Last year, the hotel chain confirmed people who made reservations at Starwood Properties may have had their personal data accessed during a breach lasting four years. Marriott learned about an attempt to access a database last September and discovered unauthorized access to Starwood dating back to 2014. After initially reporting more than 500 million may have been impacted, Marriott revised that figure down in January to 383 million, adding passport numbers may have also been compromised.
How big was the breach? 383 million people
The aftermath: Marriott faces a $123 million fine from the U.K. government over the breach. Marriott president and CEO Arne Sorenson said they plan to contest the fine.
What happened? Names and passwords from the once-dominant social media platform were compromised, said parent company Time Inc., in 2016. Data was limited to usernames, passwords and email addresses prior to June 11, 2013, when account security was upgraded.
How big was the breach? 360 million users.
The aftermath: MySpace reset all passwords and informed affected users.
5. Under Armour
What happened? In March 2018, the fitness brand revealed that email addresses and login information for users of its MyFitnessPal app had been left vulnerable during an intrusion a month earlier. The company said no payment information, Social Security numbers or driver’s license info was compromised.
How big was the breach? 150 million users
The aftermath: Under Armour required affected users to change their passwords to protect their accounts.
What happened? Two years ago, the credit reporting service was breached, exposing information such as names, dates of birth, Social Security numbers, and payment card numbers. The company was accused of failing to patch a security flaw allowing hackers to access the data.
How big was the breach? 147 million people.
The aftermath: In July, Equifax reached a deal with the Federal Trade Commission agreeing to pay at least $575 million for credit monitoring services, states compensation and penalties to the Consumer Financial Protection Bureau. If it’s not enough to cover consumers, Equifax could pay an additional $125 million. A website has been established where users can determine if they were impacted and are eligible for compensation.
What happened? The online marketplace announced in 2014 it was encouraging users to change their passwords after a “cyberattack” on a database containing encrypted passwords, customer names, physical and email addresses, and dates of birth.
How big was the breach? 145 million users.
The aftermath: According to a 2015 report from The Hill, a class-action lawsuit filed against eBay was tossed out by a federal judge for failing to prove plaintiffs were harmed by the cyberattack.
What happened? In 2013, the retailer announced it was hit in a credit-card attack involving 40 million accounts. Weeks later, Target revealed the scope of the breach was much larger than expected, with the names, addresses and other personal data of 70 million more customers compromised.
How big was the breach? 110 million customers
The aftermath: In 2017, Target agreed to pay $18.5 million to resolve investigations into the breach involving credit card holders.
9. Capital One
What happened? The bank revealed a data breach affecting information such as credit scores, credit limits and fragments of transaction data. For some customers, Social Security numbers and linked bank account numbers were also compromised.
How big was the breach? 106 million people
The aftermath: The Department of Justice announced a former software engineer was charged with computer fraud and abuse in connection to the breach. Meanwhile, New York Attorney General Letitia James said her office will start an “immediate investigation.”
10. (tie) LinkedIn, Quora
What happened? In 2016, the professional social network urged users to change their passwords after confirming a data breach. Two years later, question-and-answer website Quora said it fell victim to a breach compromising users’ names, email addresses and encrypted passwords.
How big was the breach? 100 million users each
The aftermath: Both companies contacted users about the breach and reset passwords for some accounts.
What about data exposures like First American Financial?
In May, First American Financial confirmed a design defect could have made it possible for unauthorized access to customer data following a report 885 million digitized documents from mortgage deals as far back as 2003 were exposed. However, the company could not confirm whether anyone did gain unauthorized access to that information. At the time, the company said it hired “an outside forensic firm” to investigate whether any consumer data was compromised.
Meanwhile, last October, Google revealed a bug with its now defunct Google+ social network left exposed private data on more than 500,000 users. Google said they found no proof developers knew the bug existed or misused the exploit.
The Associated Press contributed to this report. Follow Brett Molina on Twitter: @brettmolina23.