Capital One Suspect ‘Breached 30 Other Organisations’ – Report

The hacker arrested last month for the Capitol One hack in March this year has allegedly stolen data from many other businesses.

US federal authorities arrested Paige Thompson last month, after she allegedly boasted of the exploit on the GitHub code hosting site.

The hack is believed to be one of the largest in banking history and affected 100 million people in the US, and 6 million in Canada. Virginia-based Capital One said it became aware of the attack on 19 July and reported it to law enforcement.

Other Breaches

The hackers were able to steal data including credit scores and balances, as well as the Social Security numbers of about 140,000 individual.

Now the Wall Street Journal reported that prosecutors at the US Department of Justice in court documents have alleged that Thompson not only targeted Capital One, but she also allegedly took files from over 30 other organisations.

Paige Thompson has already been charged with a single count of computer fraud and abuse in the US District Court in Seattle, and faces a maximum sentence of five years in prison and a fine of $250,000 (£204,713).

But the FBI raided Thompson’s residence in July and seized digital devices, with an initial search finding files that made references to Capital One and “other entities that may have been targets of attempted or actual network intrusions”.

And now prosecutors claim that Thompson had “terabytes” of data in her possession.

She used to work for Amazon and reportedly also stole data from its cloud servers.

“The perpetrator of this breach was identified unusually fast and turned out to be a former employee of AWS,” said Igor Baikalov, chief scientist at Securonix.

“This fact alone shouldn’t be considered a setback for the adoption of public cloud. It should rather be viewed as another harsh reminder of the importance of third party security and insider threat programs for both providers and consumers of public cloud services,” he said.

Flight risk

This means that further charges could be levelled against her, due to the evidence gathered from her home.

The FBI is reportedly working to identify all those who had had data taken so it could alert them to the suspected theft.

Thompson has remained in custody, and is scheduled to appear at a bail hearing 22 August.

Prosecutors have cited Thompson’s past behaviour, when they asked the court to deny bail out of concern she would “resort to threats, violence, or cybercrime.” They alleged that Thompson had a “long history” of threatening to kill others and herself.

Prosecutors also reportedly said they consider Thompson a flight risk.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

3 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

4 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

4 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

5 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

5 hours ago

EU Opens TikTok Probe Over Election Interference Claims

European Commission opens formal probe into TikTok after Romanian first-round elections annulled over Russian interference…

6 hours ago