Paige Thompson, who goes by the nickname "erratic", was arrested on one count of computer fraud and abuse, according to court documents filed in the Western District of Washington on Monday. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
Capital One said it identified a security breach on July 19 when an unauthorized source "obtained certain types of personal information" related to credit card customers and others who had applied for products, the company said in a statement on Monday.
Capital One said it is "unlikely" the stolen information was shared with anyone else before Thompson was cuffed. About 1 million Canadian Social Insurance Numbers and 160,000 U.S.
The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.
The criminal complaint infers from Thompson's online correspondences that she meant to distribute the stolen data, although the provided screenshots make it seem that she was trying to give it away rather than sell it.
Last week it was announced that Equifax, the credit-reporting company, will pay up to a record $650 million to settle US federal and state probes into a massive 2017 data breach of personal information.
About 140,000 Social Security numbers were accessed and 80,000 bank account numbers from credit card customers, Capital One said.
Also exposed were customer status data, such as credit limits, scores, balances and payment history.
Ceballos 'turns down Spurs' to sign for Arsenal
For Ceballos , growing up with local hero Reyes playing for some of the world's biggest clubs proved quite the inspiration.
Almost 6 million Capital One customers in Canada were also affected by the breach.
Capital One Chairman and CEO Richard D. Fairbank has since spoken out about the incident.
The investigation is ongoing, according to the release.
This report comes in the wake of news that Equifax may have to pay up to $700 million over a 2017 data breach, according to CNET.
In a statement, officials with the financial firm said the breach happened on March 22 and March 23, when a person managed to access customer information via a vulnerability.
Under the settlement, the company will establish a $300 million restitution fund for harmed consumers that could climb to $425 million depending on its use.
Associated Press reporter Alex Veiga in Los Angeles contributed.