Capital One said it will notify customers whose data was exposed in the breach. (Photo by Johannes EISELE)
Topline: Capital One said Monday that sensitive financial information—including social security and bank account numbers—from over 100 million people were exposed in a massive data breach that led to the arrest of former Amazon employee Paige Thompson, a hacker who lives in Seattle.
- The information was taken from credit card applications submitted to the Virginia-based bank from 2005-2019. These included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.
- Additionally, Capital One said that 140,000 Social Security and 80,000 linked bank account numbers were compromised as well as fragments of transaction data from a total of 23 days during 2016, 2017 and 2018.
- No credit card account numbers or log-in credentials were exposed.
- Individuals whose information was compromised in the breach will be notified by Capital One.
Federal agents have arrested a Seattle woman named Paige Thompson for hacking into cloud computing servers rented by Capital One, according to court documents. Investigators say Thompson previously worked at the cloud computing company whose servers were breached, but did not name the company.
Thompson’s resume, which is still online, and her LinkedIn profile indicate that she worked at Amazon, which operates the popular cloud computing business Amazon Web Services, from 2015-2016.
Amazon did not immediately respond to a request for comment from Forbes.
Using the online alias “erratic,” Thompson allegedly talked about the files she accessed in a Slack group and in a direct message on Twitter, the court documents say.
“Ive basically strapped myself with a bomb vest, f*cking dropping capital ones dox and admitting it. I wanna distribute those buckets I think first. There are ssns… with full names and dob,” a direct message sent from Thompson reads. A screenshot of the message was included in the court documents.
Thompson allegedly posted the information from the hack on her Github profile, which included a link to her resume, leading the FBI to her. Github is an online service that allows users to upload and store code.
Forbes was unable to reach Thompson for comment.
Follow me on Twitter. Send me a secure tip.
I’m a San Francisco-based reporter covering breaking news at Forbes. Previously, I’ve reported for USA Today, Business Insider, The San Francisco Business Times and San Jose Inside. I studied journalism at Syracuse University’s S.I. Newhouse School of Public Communications and was an editor at The Daily Orange, the university’s independent student newspaper. Follow me on Twitter @rachsandl or shoot me an email rsandler@forbes.com.
Source: Capital One Says Hacker Breached Accounts Of 100 Million People; Ex-Amazon Employee Arrested