By Uday Sampath | Reuters

Capital One Financial Corp said on Monday personal information including names, addresses, phone numbers and credit scores of about 100 million individuals in the United States and 6 million people in Canada were obtained by a hacker who has been arrested.

The U.S. credit card issuer said it identified the hack on July 19 and the individual responsible has been arrested by the Federal Bureau of Investigation.

The incident is expected to cost between $100 million and $150 million in 2019, mainly due to customer notifications, credit monitoring and legal support, Capital One said.

The hacker did not gain access to credit card account numbers, but about 140,000 social security numbers and 80,000 linked bank account numbers were compromised, Capital One said.

About 1 million social insurance numbers of the company’s Canadian credit card customers were also compromised.

The hacker was able to ‘exploit’ a ‘configuration vulnerability’ in the company’s infrastructure, it said, adding that the vulnerability was reported to Capital One by an external researcher.

Update:

The U.S. Justice Department said Paige Thompson, a former Seattle technology company software engineer, was arrested on Monday on a criminal complaint charging computer fraud and abuse for hacking into stored data of Capital One Financial Corp.

Thompson, 33, made her initial appearance in U.S. District Court in Seattle on Monday and was ordered detained pending a hearing on Aug. 1, the statement said.