Capital One lost data from as many as tens of millions of credit card applications after a Seattle woman hacked into a cloud-computing company server, federal prosecutors in Seattle said.
The woman, Paige A. Thompson, was arrested Monday and appeared in federal court in Seattle. The data theft occurred some time between March 12 and July 17, prosecutors said. The cloud-computing company, on whose servers Capital One rented space, wasn’t identified in court papers.
“According to Capital One, the data includes data regarding large numbers of applications, likely tens of millions of applications,” according to a complaint filed in federal court in Seattle. “According to Capital One, that data includes approximately 120,000 Social Security numbers and approximately 77,000 bank account numbers.”
Tatiana Stead and Sie Soheili, spokespersons for Capital One, did not immediately respond to requests for comment.
In court on Monday, Thompson broke down and laid her head down on the defense table during the hearing. She is charged with a single count of computer fraud and faces a maximum penalty of five years in prison and a $250,000 fine.
U.S. Magistrate Judge Mary Alice Theiler ordered Thompson to be held. A bail hearing is set for Aug 1.
More must-read stories from Fortune:
—How the government should spend Facebook’s $5 billion fine
—Cloud gaming is big tech’s new street fight
—Should companies bolster their cybersecurity by “hacking back”?
—FaceApp’s Russia link is the latest alarm in an ongoing digital red scare
—Equifax may owe you some money. Here’s how to get it
Catch up with Data Sheet, Fortune's daily digest on the business of tech.