Update – Capital One Data Breach

In a new indictment filed on August 28, 2019, Paige Thompson is accused of hacking 30 more companies and cryptojacking. The indictment alleges one count of wire fraud and one count of computer fraud and abuse for illicitly accessing data on more than 30 other entities, including Capital One. Each charge carries a penalty of up to 25 years in prison.

Paige Thompson

Paige Thompson

Information on the Capital One Breach

Paige Thompson, 33, was arrested on Monday, July 29, 2019 for attempting to share breached information online.  Thompson “previously worked as a software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using the Justice Department said”, as reported by CNN.

The breach consisted of 100 Million Capital One credit card applications and accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and an undisclosed number of names, addresses, credit scores, credit limits, balances, and other information.  Thompson then tweeted she was looking to “distribute Social Security numbers along with full names and dates of birth” according to the FBI special agent investigator.

Capital One reported the hack happened on March 22 and 23rd after which the vulnerability was found and fixed.  Capital One also stated no credit card numbers or login information was part of this breach.

The most recent indictment claims Thompson allegedly used the computing power of the misconfigured servers to mine cryptocurrency, a practice known as cryptojacking. The names of the 30 victims were not contained in the indictment, but three of the victims were described as “state agency of a state that is not the State of Washington”, “a telecommunication conglomerate located outside the United States that provides services predominantly to customers in Europe, Asia, Africa, and Oceania”, and “a public research university located outside the State of Washington”.

Want to learn more?  CNET has published more information on the Capital One breach and steps which can be taken to protect your information going forward.

Sources and more information:

US Department of Justice indictment
https://www.justice.gov/usao-wdwa/press-release/file/1198481/download

The Hacker News
https://thehackernews.com/2019/08/paige-thompson-capital-one.html?m=1

Infosecurity
https://www.infosecurity-magazine.com/news/alleged-capital-one-hacker-accused/

CNN
https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

CNET
https://www.cnet.com/how-to/capital-one-breach-what-you-can-do-following-bank-data-hack/

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

Making Ongoing Risk Management an Operational Standard
No business today is 100 percent secure from cyberthreats and more businesses …
Security – Do You Know Your Digital Risk?
Rapid technological advancement and rising global connectivity is reshaping the way the …
21 Questions to Determine if Your MSP is Ready for Prime Time or is Setting the Stage for Cybersecurity Problems
As if 2020 wasn’t challenging enough for businesses, reports warn that Managed …
The Dangers of the Inbox
There’s a greater psychological undercurrent to cyberattacks than you might think. Cybercriminals …
Securing Your Remote Workers
According to the FBI, daily cybersecurity complaints increased from 1,000 to 4,000 …
New Year, New Risks for IT & Data Security
The COVID-19 pandemic has changed everything about the world as we know …
Ransomware is on the rise again!
Many business's don't realize how common and damaging ransomware attacks have become. …
Attention, Attention… This is not a Drill!
Recently a major Health Insurance Provider sent out a “Security Due Diligence …