July 31, 2019
New details have emerged about the woman accused of masterminding a breach of Capital One data related to more than 100 million people. The data breach is being reported as one of the largest in history to hit a bank.
Media outlets reported today that Paige Adele Thompson, a former Amazon.com employee, exploited a poorly configured firewall on Amazon.com Inc.’s cloud to obtain the data from Capital One.
The data breach stands out not only for its size, but because it allegedly was carried out by a former Amazon insider against a cloud customer.
According to the Wall Street Journal, Thompson posted Twitter messages prior to her arrest in Seattle Monday stating that she had “basically strapped myself with a bomb vest” by pilfering data including Social Security numbers, full names and dates of birth from Capital One. Media also reported that 77,000 bank account numbers were taken.
Thompson may have leveraged knowledge she gained while working at Amazon Web Services from 2015 to 2016 to launch the alleged attack, media reported.
Posting from the handle “erratic,” Thompson recently tweeted about the death of her cat, the difficulties of being transgender and being homeless, The Journal reported. She also said that she was checking herself into a mental-health facility.
In an interview with the Seattle Times published today, Thompson’s roommates said she was a system engineer at Amazon until she lost her job in 2016, when she began drinking at work to “deal with harassment from a co-worker.’’
The roommates described her as a “very, very skilled” white hat hacker with the knowledge required to “hack foreign governments.’’ One of the roommates told The Times that Thompson tried to warn Capital One about vulnerabilities in its firewall but was ignored. She posted links to the company’s data on GitHub to “teach them a lesson,’’ the roommate said.
The exposed data includes information submitted by customers and small businesses that applied for Capital One Credit cards between 2005 to early 2019, the company said in a release.
The FBI said the digital devices it seized from Thompson’s home may contain data from other companies.
Capital One tweeted that information about the data breach could be found at capitalone.com/facts2019/
