In April 2021, the Maine Office of the Attorney General disclosed an **insider wrongdoing breach** at Capital One, occurring between **September 2, 2020, and February 25, 2021**. The incident involved an internal actor who improperly accessed and potentially compromised **sensitive personal information** of at least one Maine resident, including **credit card account numbers and Social Security numbers**. Such data exposure poses significant risks, including identity theft, financial fraud, and long-term reputational harm to the affected individual. In response, Capital One provided **24 months of free credit monitoring** via TransUnion’s *myTrueIdentity* service to mitigate potential damages. The breach highlights vulnerabilities in internal controls, emphasizing the critical need for robust insider threat detection and access governance to prevent unauthorized data handling by employees or contractors.
TPRM report: https://www.rankiteo.com/company/capital-one
"id": "cap019090625",
"linkid": "capital-one",
"type": "Breach",
"date": "9/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 1,
'industry': 'Banking/Financial',
'location': 'United States (Maine resident affected)',
'name': 'Capital One',
'type': 'Financial Services'}],
'attack_vector': 'Insider Wrongdoing',
'customer_advisories': 'Offered 24 months of free credit monitoring '
'(TransUnion myTrueIdentity)',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 1,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, Financial Data)',
'type_of_data_compromised': ['Credit Card Account Numbers',
'Social Security Numbers (SSN)']},
'date_detected': '2021-02-25',
'date_publicly_disclosed': '2021-04-22',
'description': 'On April 22, 2021, the Maine Office of the Attorney General '
'reported that Capital One experienced an insider wrongdoing '
'breach affecting one Maine resident. The breach took place '
'between September 2, 2020, and February 25, 2021, potentially '
'compromising sensitive personal information, including credit '
'card account numbers and Social Security numbers. Capital One '
'offered 24 months of free credit monitoring through '
"TransUnion's myTrueIdentity service to the affected "
'individual.',
'impact': {'brand_reputation_impact': 'Potential (limited to one individual)',
'data_compromised': True,
'identity_theft_risk': True,
'payment_information_risk': True},
'investigation_status': 'Disclosed (no further details provided)',
'references': [{'date_accessed': '2021-04-22',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Offered 24 months of free credit '
'monitoring to the affected individual',
'third_party_assistance': 'TransUnion (myTrueIdentity credit '
'monitoring)'},
'threat_actor': 'Insider (Employee/Contractor)',
'title': 'Capital One Insider Wrongdoing Breach (2021)',
'type': 'Insider Threat / Data Breach'}