Ex-Amazon Employee Paige Thompson Arrested For Allegedly Hacking Millions Of Capital One Accounts

The personal information of approximately 106 million Capital One customers have been leaked in one of the biggest data breaches ever.

Federal agents arrested 33-year-old Paige Thompson for the Capital One break-in, saying that the software engineer hacked into the country's seventh largest bank to access personal information of millions of customers and applicants.

Former Amazon Employee Allegedly Hacked Capital One

According to CNN, Thompson used to work as a systems engineer for a cloud hosting company that Capital One was a client of. While the complaint from the Justice Department didn't specify the company, Amazon Web Services confirmed that that she used to work with them, leaving the company three years prior to the breach.

Thompson allegedly gained access to Capital One's data by exploiting a misconfiguration of a web application firewall.

Investigators were able to trace the crime to Thompson by scouring online, particularly the engineers movements on platforms such as Slack, Twitter, and Meetup. Thompson, who used the alias "erratic," made statements on these websites referencing the Capital One files.

"Ive basically strapped myself with a bomb vest, f---ing dropping Capital One's dox and admitting it," Thompson reportedly said in a private Twitter message to a person who reported the breach later.

Certain information from the breach were also shared on software development platform GitHub by an account that has her full first, middle, and last name.

Another GitHub user reported the leaked information to the FBI, who proceeded to search Thomson's residence on Monday, July 29. Among the evidence found are devices that reference Capital One, Amazon, and other companies that may have been targets of breaches.

About The Hack

The data accessed from Capital One includes 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers. An undisclosed amount of names, addresses, credit scores, credit limits, balances, and other data were also breached.

According to Capital One, no credit card account numbers and log in information were breached, plus 99 percent of the Social Security numbers were found safe.

The company expects the hack to cost them $100 to $150 million and says that they will be providing free credit monitoring and identity protection.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Richard D. Fairbank, Capital One chairman and CEO, said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics