In a new indictment filed on August 28, 2019, Paige Thompson is accused of hacking 30 more companies and cryptojacking. The indictment alleges one count of wire fraud and one count of computer fraud and abuse for illicitly accessing data on more than 30 other entities, including Capital One. Each charge carries a penalty of up to 25 years in prison.
Information on the Capital One Breach
Paige Thompson, 33, was arrested on Monday, July 29, 2019, for attempting to share breached information online. Thompson “previously worked as a software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using, the Justice Department said”, as reported by CNN.
The breach consisted of 100 million Capital One credit card applications and accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and an undisclosed number of names, addresses, credit scores, credit limits, balances, and other information. Thompson then tweeted she was looking to “distribute Social Security numbers along with full names and dates of birth”, according to the FBI special agent investigator.
Capital One reported the hack happened on March 22 and 23, after which the vulnerability was found and fixed. Capital One also stated that no credit card numbers or login information were part of this breach.
The most recent indictment alleges that Thompson used the computing power of the misconfigured servers to mine cryptocurrency, a practice known as cryptojacking. The names of the 30 victims were not contained in the indictment, but three of the victims were described as a “state agency of a state that is not the State of Washington”, “a telecommunication conglomerate located outside the United States that provides services predominantly to customers in Europe, Asia, Africa, and Oceania”, and “a public research university located outside the State of Washington”.
Want to learn more? CNET has published more information on the Capital One breach and steps which can be taken to protect your information going forward.
Sources and more information:
US Department of Justice indictment
The Hacker News