Authorities claim a Seattle software engineer was responsible for the hacking of Capital One and obtained the personal data of over 100 million people in what appears to be one of the biggest breaches of a big bank in history.
Paige Thompson, 33, was caught by Seattle authorities after leaving an extensive digital footprint of her alleged crime on the Internet, including boasting about it on the Internet, authorities said. She’s now charged with one count of computer fraud and abuse.
Capital One said Monday that Thompson – who according to a FBI complaint also goes by the handle “erratic” – got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said.
The breach in total affected about 100 million people in the U.S. and 6 million in Canada. The bank will offer free credit monitoring services to those affected.
The bank said it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
The FBI said that some of the information obtained from the bank appeared on the code-hosting site GitHub on July 17, while a month before that, a Twitter user who went by “erratic” sent another user a direct message on Slack alerting about the distribution of the bank’s data that includes names, birthdates and Social Security numbers.
“I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it,” the message said. “I wanna distribute those buckets I think first.”
“I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it. I wanna distribute those buckets I think first.”
Thompson, a former employee of Amazon Web Services, didn’t try to hide on the Internet that she was a hacker, the New York Times reported. She was listed as an organizer of a hacker group on social network Meetup.
“I’ve been meaning to put together something like a hack night or somethng soon,” she wrote on May 13, according to the newspaper.
“It’s been a crazy past two weeks, and my cat had to go to the vet everyday last week but she’s finally starting to recover maybe this wednesday in capitol hill? I’ll do an all day thing at starbucks until they close, I’e got nothing better to do,” she added.
Investigators say they verified Thompson’s online persona after she posted a photo of an invoice she had gotten from a veterinarian looking after one of her pets.
The bank said the most of of the hacked data consists of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. The data also expose phone numbers, email addresses, dates of birth and self-reported income.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Capital One CEO Richard D. Fairbank. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The Associated Press contributed to this report.