A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Major US bank Capital One Financial Corporation confirmed Monday evening that an outside individual gained unauthorized access and obtained “certain types of personal information” on credit card products and Capital One credit card customers. The bank also released the results of its analysis of the breach, which determined that close to 100 million people have been affected in the United States and close to 6 million in Canada. “No credit card account numbers or log-in credentials were compromised,” says Capital One in its statement released last night.

Who and how: FBI agents on Monday arrested 33-year-old Paige Thompson, aka “erratic”, following a criminal complaint. According to the statement released by the US Department of Justice, “[t]he intrusion occurred through a misconfigured web application firewall that enabled access to the data.” Further details provided by DOJ: “On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI. Cyber investigators were able to identify THOMPSON as the person who was posting about the data theft.” Thompson’s resume, available on GitLab, says her most recent employer was Amazon Inc., where she worked as a systems engineer between 2015 and 2016.

Don’t blame AWS: While Capital One has not explicitly named the cloud hosting provider from which the Capital One credit data was taken, reports suggest the hack was made possible as a result of how Capital One was protecting an AWS bucket. (Brian Krebs has analysed the hack.) Capital One, a proud AWS customer, says the breach was not the fault of AWS but was due to an improperly configured firewall, a problem that Capital One fixed when the company discovered it, according to a Bloomberg report.

By CircleID Reporter
