Paige Thompson was indicted on charges of hacking into Capital One’s data servers last week. The indictment charged the former Amazon employee of crypto-jacking.
According to the indictment, Thompson compromised over one hundred million customers who had applied for credit cards from Capital One, which would be one in every three Americans if they were all from the United States. It was one of the largest data breaches of 2019 for banks and financial institutions.
Most of Thompson’s alleged crime took place over just a four-month period ending in July of 2019, and it appears that she worked alone. The indictment alleges that she used stolen power to mine cryptocurrencies rather than selling customer data or revealing it to the public.
She transferred data onto her server by duplicating it so that it could not be easily tracked. Thompson was adept at finding easy web firewalls to broach in order to take the data, something prosecutors claim was something she had the skillsets for based on her former employment responsibilities.
The prosecuting attorneys in the case, among other charges, stated, “The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for crypto-jacking.” Thompson was likely just getting started when her cover was blown.
She faces twenty-five years in jail if convicted of the indictment. The main way in which she was caught was that Thompson bragged of her accomplishments over Slack and Twitter under different names. She also shared information, astoundingly, on GitHub even naming Capital One’s rented servers as her target. According to a report by Forbes, Thompson was stating that she would likely go back to work sometime soon, giving more clues as to who the perpetrator was to law enforcement.
Three victims in particular were mentioned included a telecommunications company, a university and even a state agency. The indictment did not make clear how much Thompson was able to steal, and if they have recovered all of the gains. Capital One has apologized to customers, and stated that they have taken more steps to assure customer data will not be breached in the future.