Captial One Bank

Here's The Latest On The History-Making Capital One Data Breach

July 31, 2019
New details have emerged about the woman accused of masterminding a breach of Capital One data related to more than 100 million people. The data breach is being reported as one of the largest in history to hit a bank.

Media outlets reported today that Paige Adele Thompson, a former employee, exploited a poorly configured firewall on Inc.’s cloud to obtain the data from Capital One.

The data breach stands out not only for its size, but because it allegedly was carried out by a former Amazon insider against a cloud customer.

According to the Wall Street Journal, Thompson posted Twitter messages prior to her arrest in Seattle Monday stating that she had “basically strapped myself with a bomb vest” by pilfering data including Social Security numbers, full names and dates of birth from Capital One. Media also reported that 77,000 bank account numbers were taken.

Thompson may have leveraged knowledge she gained while working at Amazon Web Services from 2015 to 2016 to launch the alleged attack, media reported.

Posting from the handle “erratic,” Thompson recently tweeted about the death of her cat, the difficulties of being transgender and being homeless, The Journal reported. She also said that she was checking herself into a mental-health facility.

In an interview with the Seattle Times published today, Thompson’s roommates said she was a system engineer at Amazon until she lost her job in 2016, when she began drinking at work to “deal with harassment from a co-worker.’’

The roommates described her as a “very, very skilled” white hat hacker with the knowledge required to “hack foreign governments.’’ One of the roommates told The Times that Thompson tried to warn Capital One about vulnerabilities in its firewall but was ignored. She posted links to the company’s data on GitHub to “teach them a lesson,’’ the roommate said.

The exposed data includes information submitted by customers and small businesses that applied for Capital One Credit cards between 2005 to early 2019, the company said in a release.

The FBI said the digital devices it seized from Thompson’s home may contain data from other companies.

Capital One tweeted that information about the data breach could be found at

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

log management

How A Log Management Assessment Can Prepare Your Organization for a Cyber Attack

This article delves into the significance of log analysis in a forensic readiness assessment and outlines best practices for organizations to optimize their log management strategies …
Business Impact Assessments

Importance of Business Impact Assessments

In the event of a data breach, Business Impact Assessments will help your organization prioritize recovery steps and get back to business faster …
cybersecurity incident response

How to Choose the Right Tabletop Scenario for Incident Response Testing

To effectively combat these threats, organizations must invest in robust cybersecurity incident response strategies …