Update – Capital One Data Breach

In a new indictment filed on August 28, 2019, Paige Thompson is accused of hacking 30 more companies and cryptojacking. The indictment alleges one count of wire fraud and one count of computer fraud and abuse for illicitly accessing data on more than 30 other entities, including Capital One. Each charge carries a penalty of up to 25 years in prison.

Paige Thompson

Paige Thompson

Information on the Capital One Breach

Paige Thompson, 33, was arrested on Monday, July 29, 2019 for attempting to share breached information online.  Thompson “previously worked as a software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using the Justice Department said”, as reported by CNN.

The breach consisted of 100 Million Capital One credit card applications and accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and an undisclosed number of names, addresses, credit scores, credit limits, balances, and other information.  Thompson then tweeted she was looking to “distribute Social Security numbers along with full names and dates of birth” according to the FBI special agent investigator.

Capital One reported the hack happened on March 22 and 23rd after which the vulnerability was found and fixed.  Capital One also stated no credit card numbers or login information was part of this breach.

The most recent indictment claims Thompson allegedly used the computing power of the misconfigured servers to mine cryptocurrency, a practice known as cryptojacking. The names of the 30 victims were not contained in the indictment, but three of the victims were described as “state agency of a state that is not the State of Washington”, “a telecommunication conglomerate located outside the United States that provides services predominantly to customers in Europe, Asia, Africa, and Oceania”, and “a public research university located outside the State of Washington”.

Want to learn more?  CNET has published more information on the Capital One breach and steps which can be taken to protect your information going forward.

Sources and more information:

US Department of Justice indictment
https://www.justice.gov/usao-wdwa/press-release/file/1198481/download

The Hacker News
https://thehackernews.com/2019/08/paige-thompson-capital-one.html?m=1

Infosecurity
https://www.infosecurity-magazine.com/news/alleged-capital-one-hacker-accused/

CNN
https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

CNET
https://www.cnet.com/how-to/capital-one-breach-what-you-can-do-following-bank-data-hack/

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

The Case for Trust-Building as a Small Business (It’s Not Just for Enterprises)
There is a strong connection between trust and prosperity. In fact, when …
Cyber Incident Prevention Best Practices for Small Businesses
As a small business owner, you may think you are “too small” …
What a Top-Notch IT Services Provider Will Offer Your Business
There are several reasons why small and medium-sized businesses (SMBs) like yours …
Why SMBs Need to Prioritize Trust
While you would not expect a technology company to discuss topics such …
Why Smart Businesses Outsource Their IT Needs
In today's business world, technology plays a significant role in almost every …
Need More Reliable IT Services for Your Business?
One of the biggest challenges that small and medium-sized businesses (SMBs) face …
5 Security Risk Analysis Myths in the Healthcare Industry
The COVID-19 pandemic threw multiple challenges at the healthcare industry. The sector …
A Resilient Organization Starts with Cyber Resilience — Here’s Why
Global events, such as recessions and pandemics, create enormous social and economic …