Update – Capital One Data Breach

In a new indictment filed on August 28, 2019, Paige Thompson is accused of hacking 30 more companies and cryptojacking. The indictment alleges one count of wire fraud and one count of computer fraud and abuse for illicitly accessing data on more than 30 other entities, including Capital One. Each charge carries a penalty of up to 25 years in prison.

Paige Thompson

Paige Thompson

Information on the Capital One Breach

Paige Thompson, 33, was arrested on Monday, July 29, 2019 for attempting to share breached information online.  Thompson “previously worked as a software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using the Justice Department said”, as reported by CNN.

The breach consisted of 100 Million Capital One credit card applications and accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and an undisclosed number of names, addresses, credit scores, credit limits, balances, and other information.  Thompson then tweeted she was looking to “distribute Social Security numbers along with full names and dates of birth” according to the FBI special agent investigator.

Capital One reported the hack happened on March 22 and 23rd after which the vulnerability was found and fixed.  Capital One also stated no credit card numbers or login information was part of this breach.

The most recent indictment claims Thompson allegedly used the computing power of the misconfigured servers to mine cryptocurrency, a practice known as cryptojacking. The names of the 30 victims were not contained in the indictment, but three of the victims were described as “state agency of a state that is not the State of Washington”, “a telecommunication conglomerate located outside the United States that provides services predominantly to customers in Europe, Asia, Africa, and Oceania”, and “a public research university located outside the State of Washington”.

Want to learn more?  CNET has published more information on the Capital One breach and steps which can be taken to protect your information going forward.

Sources and more information:

US Department of Justice indictment
https://www.justice.gov/usao-wdwa/press-release/file/1198481/download

The Hacker News
https://thehackernews.com/2019/08/paige-thompson-capital-one.html?m=1

Infosecurity
https://www.infosecurity-magazine.com/news/alleged-capital-one-hacker-accused/

CNN
https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

CNET
https://www.cnet.com/how-to/capital-one-breach-what-you-can-do-following-bank-data-hack/

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

Making Hybrid Work Environments Secure
The COVID-19 pandemic caused an unprecedented shift in the way people work. …
Defense in Depth (DiD): Think Like a Hacker
The current threat landscape is rapidly advancing, with cybercriminals constantly upgrading their …
Why Attacks on Critical Infrastructure Are Dangerous
Critical Infrastructure (CI) comprises physical and cyber assets vital for the smooth …
4 Reasons Cybersecurity Attack Surfaces Are Expanding
The COVID-19 pandemic impacted individuals and businesses all over the world in …
How Can Cyber Resilience Protect SMBs?
Small and Medium Businesses (SMBs) usually invest less in cybersecurity, making them …
How to Build a Security-First Culture That Empowers Your Hybrid Workforce
Tools are only as good as their users. This should be your …
Top 9 IoT-Related Security Threats Businesses Face
The Internet of Things (IoT) is rapidly changing the technology landscape as …
All You Need to Know About Least Privilege
In IT, the principle of least privilege (PoLP) refers to the concept …