Seattle Woman Arrested for Breaching Capital One Customer’s Data

A 33-year-old woman from Seattle was arrested last Monday and is accused of computer fraud in connection to a massive data breach of Capital One customer data. According to the company and federal officials, about 106 million data records were taken in the breach – including security numbers of customers from the USA and Canada. This incident is considered as one of the worst data center disasters that hit any financial institution. 

FBI officials filed a case against Paige A. Thompson, a former Amazon Web Services systems engineer and accused her of accessing Capital One servers and bypassing the data center security through a misconfigured firewall, starting sometime in March and downloaded massive amounts of personal data – everything from addresses and birth dates to credit scores and some transaction records.

As stated in Thompson’s résumé, she worked at Amazon from May 2015 to September 2016 as systems engineer who handles S3 and/or Amazon Simple Storage Service, which is a platform for storing millions of data applications for companies around the world.   

According to the filing, federal officials say that Capital One found a vulnerability in the cloud data center last July 19, 2 days after they have received an email tip that some of its data was exposed on Github – a website that lets software developers share projects and code.

Martini, the FBI agent that handles the case, identified Thompson’s Twitter account under username “erratic”. He found direct messages wherein Thompson boasted about her plans of distributing the acquired data. 

Thompson wrote “I wanna distribute those buckets I think first,”, “There ssns … with full name and dob.” “I’ve basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it” She added.

She also retweeted last June of news about several companies including TD Bank, Ford, and Netflix data center exposed on Amazon’s cloud storage.

The FBI made a thorough investigation of Thompson’s apartment in Seattle last Monday. They had found numerous digital devices and files referencing to Capital One and Amazon.

Her roommates were also asked about her and they confirmed that Thompson had great computer skills and “just wanted to see if she could get the data. She had no bad intentions with the data.”

Thompson is scheduled to make an appearance in court on August 1 with one charge of computer fraud. She was ordered to remain under federal custody. If she is convicted, she will definitely face 5 years in prison and charged with $250,000.

As for Capital One, the bank says they will contact affected customers and make free credit monitoring and secured protection available to them. This incident serves as a wake up call to every companies to make sure that their data center server is 100% securely protected to avoid hacking and leaking of their customer’s information