Banking Exchange Magazine Logo

Capital One Hacker Indictment Claims Crypto-Jacking

One of the largest data breaches of 2019 for banks and financial institutions

  • |
  • Written by  Banking Exchange staff
  • |
  • Comments:   DISQUS_COMMENTS
Capital One Hacker Indictment Claims Crypto-Jacking

Paige Thompson was indicted on charges of hacking into Capital One’s data servers last week. The indictment charged the former Amazon employee of crypto-jacking.

According to the indictment, Thompson compromised over one hundred million customers who had applied for credit cards from Capital One, which would be one in every three Americans if they were all from the United States. It was one of the largest data breaches of 2019 for banks and financial institutions.

Most of Thompson’s alleged crime took place over just a four-month period ending in July of 2019, and it appears that she worked alone. The indictment alleges that she used stolen power to mine cryptocurrencies rather than selling customer data or revealing it to the public.

She transferred data onto her server by duplicating it so that it could not be easily tracked. Thompson was adept at finding easy web firewalls to broach in order to take the data, something prosecutors claim was something she had the skillsets for based on her former employment responsibilities.

The prosecuting attorneys in the case, among other charges, stated, “The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for crypto-jacking.” Thompson was likely just getting started when her cover was blown.

She faces twenty-five years in jail if convicted of the indictment. The main way in which she was caught was that Thompson bragged of her accomplishments over Slack and Twitter under different names. She also shared information, astoundingly, on GitHub even naming Capital One’s rented servers as her target. According to a report by Forbes, Thompson was stating that she would likely go back to work sometime soon, giving more clues as to who the perpetrator was to law enforcement.

Three victims in particular were mentioned included a telecommunications company, a university and even a state agency. The indictment did not make clear how much Thompson was able to steal, and if they have recovered all of the gains. Capital One has apologized to customers, and stated that they have taken more steps to assure customer data will not be breached in the future.

back to top


About Us

Connect With Us


Webinar: Real-Time Payments in the U.S. Market

Time/Date: June 16, 2021 2:00 p.m. ET

The U.S. has come a long way in its journey to real-time payments, with TCH and Zelle in market and FedNow just around the corner. COVID-19 has accelerated that demand to move to real-time. Yet many financial institutions remain unconvinced of the need to move, with less than 3% of financial institutions signed up today.

In this Banking Exchange hosted webinar Celent’s Gareth Lodge, Senior Analyst, Global Payments, and Alacriti’s Mark Ranta, Payments Practice Lead, discuss the findings in the Celent research report, Real-Time Payments in the US Market: Speeding Up or Slowing Down? A Call to Arms.


This webinar is brought to you by:
Alacriti logo