Captial One Bank

Here's The Latest On The History-Making Capital One Data Breach

July 31, 2019
New details have emerged about the woman accused of masterminding a breach of Capital One data related to more than 100 million people. The data breach is being reported as one of the largest in history to hit a bank.

Media outlets reported today that Paige Adele Thompson, a former Amazon.com employee, exploited a poorly configured firewall on Amazon.com Inc.’s cloud to obtain the data from Capital One.

The data breach stands out not only for its size, but because it allegedly was carried out by a former Amazon insider against a cloud customer.

According to the Wall Street Journal, Thompson posted Twitter messages prior to her arrest in Seattle Monday stating that she had “basically strapped myself with a bomb vest” by pilfering data including Social Security numbers, full names and dates of birth from Capital One. Media also reported that 77,000 bank account numbers were taken.

Thompson may have leveraged knowledge she gained while working at Amazon Web Services from 2015 to 2016 to launch the alleged attack, media reported.

Posting from the handle “erratic,” Thompson recently tweeted about the death of her cat, the difficulties of being transgender and being homeless, The Journal reported. She also said that she was checking herself into a mental-health facility.

In an interview with the Seattle Times published today, Thompson’s roommates said she was a system engineer at Amazon until she lost her job in 2016, when she began drinking at work to “deal with harassment from a co-worker.’’

The roommates described her as a “very, very skilled” white hat hacker with the knowledge required to “hack foreign governments.’’ One of the roommates told The Times that Thompson tried to warn Capital One about vulnerabilities in its firewall but was ignored. She posted links to the company’s data on GitHub to “teach them a lesson,’’ the roommate said.

The exposed data includes information submitted by customers and small businesses that applied for Capital One Credit cards between 2005 to early 2019, the company said in a release.

The FBI said the digital devices it seized from Thompson’s home may contain data from other companies.

Capital One tweeted that information about the data breach could be found at capitalone.com/facts2019/

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

Biggest Cybersecurity Trends

The Biggest Cybersecurity Trends to Watch in 2023

As we begin a new year, here’s a look at some of the top security trends that are emerging now and could pick up pace in 2023 …
Cybersecurity Threats of 2022

The Biggest Cybersecurity Threats of 2022

Here’s a look at the biggest cybersecurity threats from 2022, and what organizations should pay close attention to in the coming year …
soc 2 auditor

Top 10 Tips for Choosing a SOC 2 Auditor

Choosing a SOC 2 auditor can seem like a complicated process, but keep in mind that the most important factor is picking someone who will be a valuable partner …