Update – Capital One Data Breach

In a new indictment filed on August 28, 2019, Paige Thompson is accused of hacking 30 more companies and cryptojacking. The indictment alleges one count of wire fraud and one count of computer fraud and abuse for illicitly accessing data on more than 30 other entities, including Capital One. Each charge carries a penalty of up to 25 years in prison.

Paige Thompson

Paige Thompson

Information on the Capital One Breach

Paige Thompson, 33, was arrested on Monday, July 29, 2019 for attempting to share breached information online.  Thompson “previously worked as a software engineer for Amazon (AMZN) Web Services, the cloud hosting company that Capital One was using the Justice Department said”, as reported by CNN.

The breach consisted of 100 Million Capital One credit card applications and accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, and an undisclosed number of names, addresses, credit scores, credit limits, balances, and other information.  Thompson then tweeted she was looking to “distribute Social Security numbers along with full names and dates of birth” according to the FBI special agent investigator.

Capital One reported the hack happened on March 22 and 23rd after which the vulnerability was found and fixed.  Capital One also stated no credit card numbers or login information was part of this breach.

The most recent indictment claims Thompson allegedly used the computing power of the misconfigured servers to mine cryptocurrency, a practice known as cryptojacking. The names of the 30 victims were not contained in the indictment, but three of the victims were described as “state agency of a state that is not the State of Washington”, “a telecommunication conglomerate located outside the United States that provides services predominantly to customers in Europe, Asia, Africa, and Oceania”, and “a public research university located outside the State of Washington”.

Want to learn more?  CNET has published more information on the Capital One breach and steps which can be taken to protect your information going forward.

Sources and more information:

US Department of Justice indictment
https://www.justice.gov/usao-wdwa/press-release/file/1198481/download

The Hacker News
https://thehackernews.com/2019/08/paige-thompson-capital-one.html?m=1

Infosecurity
https://www.infosecurity-magazine.com/news/alleged-capital-one-hacker-accused/

CNN
https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

CNET
https://www.cnet.com/how-to/capital-one-breach-what-you-can-do-following-bank-data-hack/

Ready to have a conversation?

We would really love to hear from you! Give us a call at 608-563-1975 or fill out the form below to start working with our team.

Fill out my online form.

How to Build a Security-First Culture That Empowers Your Hybrid Workforce
Tools are only as good as their users. This should be your …
Top 9 IoT-Related Security Threats Businesses Face
The Internet of Things (IoT) is rapidly changing the technology landscape as …
All You Need to Know About Least Privilege
In IT, the principle of least privilege (PoLP) refers to the concept …
Kaseya VSA Ransomware attack
We at ITNS Consulting would like to commend Kaseya for their amazing …
Your Biggest Cybersecurity Risk: Your Untrained Employees
Cybercriminals work round the clock to detect and exploit vulnerabilities in your …
Best Practices for a Secure Supply Chain
Your business’ cybersecurity posture must prioritize detection, evaluation and mitigation of risks …
How to Effectively Manage Supply Chain Risks
Digital transformation has made many things easier for businesses, right from inventory …
Ransomware: Cybersecurity’s Biggest Bully Yet
Can you imagine logging into your system to access your business data …