Captial One Bank

Here's The Latest On The History-Making Capital One Data Breach

July 31, 2019
New details have emerged about the woman accused of masterminding a breach of Capital One data related to more than 100 million people. The data breach is being reported as one of the largest in history to hit a bank.

Media outlets reported today that Paige Adele Thompson, a former employee, exploited a poorly configured firewall on Inc.’s cloud to obtain the data from Capital One.

The data breach stands out not only for its size, but because it allegedly was carried out by a former Amazon insider against a cloud customer.

According to the Wall Street Journal, Thompson posted Twitter messages prior to her arrest in Seattle Monday stating that she had “basically strapped myself with a bomb vest” by pilfering data including Social Security numbers, full names and dates of birth from Capital One. Media also reported that 77,000 bank account numbers were taken.

Thompson may have leveraged knowledge she gained while working at Amazon Web Services from 2015 to 2016 to launch the alleged attack, media reported.

Posting from the handle “erratic,” Thompson recently tweeted about the death of her cat, the difficulties of being transgender and being homeless, The Journal reported. She also said that she was checking herself into a mental-health facility.

In an interview with the Seattle Times published today, Thompson’s roommates said she was a system engineer at Amazon until she lost her job in 2016, when she began drinking at work to “deal with harassment from a co-worker.’’

The roommates described her as a “very, very skilled” white hat hacker with the knowledge required to “hack foreign governments.’’ One of the roommates told The Times that Thompson tried to warn Capital One about vulnerabilities in its firewall but was ignored. She posted links to the company’s data on GitHub to “teach them a lesson,’’ the roommate said.

The exposed data includes information submitted by customers and small businesses that applied for Capital One Credit cards between 2005 to early 2019, the company said in a release.

The FBI said the digital devices it seized from Thompson’s home may contain data from other companies.

Capital One tweeted that information about the data breach could be found at

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

penetration testing red flags

Red Flags to Be Aware of in Penetration Testing Companies

It is important to do your research when selecting a penetration testing company. Here are a few red flags to be aware of when choosing penetration testing companies …
pci compliance test

How To Test for PCI Compliance

PCI Compliance tests are a critical step in protecting your organization against cyber threats. We outline the importance of PCI Compliance tests here …
Cybersecurity Penetration Testing

5 Types of Cybersecurity Penetration Testing

If you are looking for ways to improve your company’s cybersecurity, this guide can help. Here are five types of cybersecurity penetration testing …