Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested

CaptainDork shares a report from Forbes: Capital One said Monday that sensitive financial information — including social security and bank account numbers — from over 100 million people were exposed in a massive data breach that led to the arrest of former Amazon employee Paige Thompson, a hacker who lives in Seattle. The information was taken from credit card applications submitted to the Virginia-based bank from 2005-2019. These included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income. Additionally, Capital One said that 140,000 Social Security and 80,000 linked bank account numbers were compromised as well as fragments of transaction data from a total of 23 days during 2016, 2017 and 2018. No credit card account numbers or log-in credentials were exposed. Individuals whose information was compromised in the breach will be notified by Capital One. According to court documents, Paige Thompson was arrested for hacking into cloud computer servers rented by Capital One. Investigators say Thompson previously worked at the cloud computing company whose servers were breached, but did not name the company.

“Thompson’s resume, which is still online, and her LinkedIn profile indicate that she worked at Amazon, which operates the popular cloud computing business Amazon Web Services, from 2015-2016,” reports Forbes. “Thompson allegedly posted the information from the hack on her Github profile, which included a link to her resume, leading the FBI to her. The hack occurred on March 22 or 23, the court documents say, but no one at Capital One knew the bank had been breached until four months later when an anonymous security researcher alerted them.”