Capital One Suspect ‘Breached 30 Other Organisations’ – Report

The hacker arrested last month for the Capitol One hack in March this year has allegedly stolen data from many other businesses.

US federal authorities arrested Paige Thompson last month, after she allegedly boasted of the exploit on the GitHub code hosting site.

The hack is believed to be one of the largest in banking history and affected 100 million people in the US, and 6 million in Canada. Virginia-based Capital One said it became aware of the attack on 19 July and reported it to law enforcement.

Other Breaches

The hackers were able to steal data including credit scores and balances, as well as the Social Security numbers of about 140,000 individual.

Now the Wall Street Journal reported that prosecutors at the US Department of Justice in court documents have alleged that Thompson not only targeted Capital One, but she also allegedly took files from over 30 other organisations.

Paige Thompson has already been charged with a single count of computer fraud and abuse in the US District Court in Seattle, and faces a maximum sentence of five years in prison and a fine of $250,000 (£204,713).

But the FBI raided Thompson’s residence in July and seized digital devices, with an initial search finding files that made references to Capital One and “other entities that may have been targets of attempted or actual network intrusions”.

And now prosecutors claim that Thompson had “terabytes” of data in her possession.

She used to work for Amazon and reportedly also stole data from its cloud servers.

“The perpetrator of this breach was identified unusually fast and turned out to be a former employee of AWS,” said Igor Baikalov, chief scientist at Securonix.

“This fact alone shouldn’t be considered a setback for the adoption of public cloud. It should rather be viewed as another harsh reminder of the importance of third party security and insider threat programs for both providers and consumers of public cloud services,” he said.

Flight risk

This means that further charges could be levelled against her, due to the evidence gathered from her home.

The FBI is reportedly working to identify all those who had had data taken so it could alert them to the suspected theft.

Thompson has remained in custody, and is scheduled to appear at a bail hearing 22 August.

Prosecutors have cited Thompson’s past behaviour, when they asked the court to deny bail out of concern she would “resort to threats, violence, or cybercrime.” They alleged that Thompson had a “long history” of threatening to kill others and herself.

Prosecutors also reportedly said they consider Thompson a flight risk.

Do you know all about security? Try our quiz!

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Coronavirus: Samsung, Facebook, Donate Devices To NHS

Samsung donates 2,000 robust smartphones and other equipment for NHS Nightingale hospitals, as Facebook donates 2,050 Portal devices

6 hours ago

Coronavirus: Amazon’s Jeff Bezos Quizzed Over Sacked Worker

Letter to CEO over fired worker, who raised concerns about worker protection and cleanliness of local Amazon facility during pandemic

8 hours ago

Coronavirus: US Senators Advised To Avoid Using Zoom – Report

US Senate reportedly becomes the latest organisation to advise members not to use Zoom, over privacy and security concerns

8 hours ago

Google Told By French Regulator To Pay For Re-using News Or Content

Google has been instructed by the French competition authority to pay French publishers and news agencies for re-using content or…

12 hours ago

Coronavirus: UK, US Warn Hackers Are Exploiting Pandemic

Cybersecurity officials in the UK and US are warning that state-backed hackers and criminals are taking advantage of the Coronavirus…

14 hours ago

Zoom Sued For Security Lapses, Hires Ex-Facebook Security Boss Stamos

Video conferencing app hit with lawsuit for overstating its privacy standards, as it hires former Facebook security executive

1 day ago