Capital One said a hacker got access to the personal information of over 100 million individuals applying for credit.
The McLean, Virginia-based bank said Monday that it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
The FBI has arrested the person, reportedly in Seattle, according to a report in The Washington Post.
Capital One said it believes it is unlikely the information was used for fraud, but it will continue to investigate.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers. It will offer free credit monitoring services to those affected.
The data breach affected about 100 million people in the U.S. and 6 million in Canada.