The former software engineer in Seattle hacked into a server holding sensitive customer information for Capital One Bank and obtained personal data of over 100 million people, federal prosecutors stated on Monday, in one of the largest thefts of data from a bank.
The accused, Paige Thompson, 33 had left a trail online for federal investigators to follow as she boasted about the hacking, according to court documents in Seattle, where she was arrested and charged with one count of computer fraud and abuse.
Ms. Thompson, who formerly worked for Amazon Web Services, which hosted the Capital One database that was breached, was not shy about her work as a hacker. She is listed as the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.”
[The investigation into Paige Thompson, the former software engineer accused in the Capital One data breach.]
The F.B.I. had noticed Paige Thompson’s activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service.
“I’ve basically strapped myself with a bomb vest,” Ms. Thompson wrote in a Slack post, according to prosecutors, “dropping capital ones dox and admitting it.”
Online, Ms. Thompson used the name “erratic,” investigators said, adding that they verified her identity after she posted a photograph of an invoice she had received from a veterinarian caring for one of her pets.
According to court documents and Capital One, Ms. Thompson stole 140,000 Social Security numbers and 80,000 bank account numbers in the breach.
In addition, there were tens of millions of credit card applications stolen, the company stated on Monday, the breach compromised one million Canadian social insurance numbers — the equivalent of Social Security numbers for Americans.
This critical information came from credit card applicants that customers and small to medium businesses had submitted as early as 2005 and as recently as 2019, according to Capital One, which is the nation’s third-largest credit card issuer, according to it’s official website.