Seattle woman is arrested for massive data breach targeting Capital One Bank and credit rating company Equifax
Systems engineer Paige Thompson, a 33-year-old transwoman, was arrested on Monday by federal authorities
Justice Department alleges Thompson, a systems engineer who worked at a cloud computing company, hacked into Capital One Bank’s data system
Lender says hacking affected personal data of about 100 million customers in US, as well as another 6 million people who live in Canada
Capital One received tip on July 17 indicating its systems were hacked, customers’ personal data was appearing online
Thompson allegedly posted the breached data on the GitHub web site
Feds used IP addresses to trace the source of the alleged hack, which led to Thompson
Thompson allegedly bragged about the hack in online chats on Slack and Twitter, acknowledging that her activities were illegal
The McLean, Virginia-based bank said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
Capital One says it believes that it is unlikely that the information was used for fraud, but it will continue to investigate.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers.
It will offer free credit monitoring services to those affected.
‘Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised,’ Capital One said in a statement.
Earlier in July, Capital One Bank was tipped off by an anonymous source that leaked PII data belonging to their customers was turning up on the GitHub web site
Leaving a trail: Thompson also allegedly admitted to the hacks during private direct messages from her Twitter account
‘The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.
‘This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes, post codes, phone numbers, email addresses, dates of birth, and self-reported income.
‘Safeguarding applicant and customer information is essential to our mission and our role as a financial institution.
‘We have invested heavily in cybersecurity and will continue to do so.
‘We will incorporate the learnings from this incident to further strengthen our cyber defenses.’
According to the FBI, Thompson posted information she gleaned from the hack onto the GitHub web site.
Thompson is also alleged to have posted messages on social media admitting to the hacks while knowing that what she was doing was illegal.
The FBI says that IP addresses used by Thompson are controlled by IPredator, a digital security firm that offers virtual private network services.
Thompson, a transgender woman, allegedly used the same services to post the data onto GitHub.
On July 17, an anonymous internet user sent an email to Capital One indicating that someone was posting leaked data on GitHub.
The email contained a link whose address included Thompson’s full name – ‘paigeadelethompson’.
Investigators traced the link and discovered that Thompson is a systems engineer who worked at a cloud computing company.
Authorities say that they became convinced that Thompson was the owner of the GitHub page.
The page includes a number of server list IP addresses that match the same addresses used by the hacker who broke into Capital One, according to the FBI.
The FBI says that it also found a Meetup page used by Thompson which contains a link inviting others to a Slack chat.
In that chat, Thompson, who went by the alias ‘erratic,’ admitted to others that she hacked the data and was looking for an online location to store it.
On June 27, one Meetup user chatting with ‘erratic’ wrote: ‘Sketchy s***…don’t go to jail plz.’
To which ‘erratic’ replied: ‘I wanna get it off my server that’s why I’m archiving all of it lol.’
The geek’s last known place of employment was at Amazon, where she worked as a systems engineer from May 2015 until September 2016
FBI investigators also tracked down a Twitter account alleged to be that of Thompson.
The arrest affidavit contains a screenshot of a Twitter chat by ‘erratic’ in which the user admits: ‘I’ve basically strapped myself with a bomb vest, f*****g dropping capitol ones dox and admitting it…I wanna distribute those buckets i think first.’
The arrest affidavit filed by the FBI states that ‘buckets’ is synonymous with file folders.
By ‘distributing buckets,’ Thompson allegedly meant that she sought to ‘disseminate data stolen from victim entities, starting with Capital One,’ according to the FBI.
According to Thompson’s resume, she worked at a number of Seattle-area tech firms, including Amazon, ATG Stores, and Connect XYZ.
Her last known place of employment was at Amazon, where she worked as a systems engineer from May 2015 until September 2016.
The resume states that she attended Bellevue Community College beginning in January 2005, but she left school in May of the next year ‘to pursue a career opportunity.’
Thompson’s Twitter account reveals a troubled woman who speaks of her desire to undergo doctor-assisted suicide in Denmark.
She also tweeted that her ‘boy’ was deported to Greece, though it is unclear what she meant.
Thompson writes: ‘look im not a stupid person but im hopeless on my own because my emotions are very hard to control i need someone i can trust and my boy got deported to greece despite his worthy MIT/aws/Ec2-security principality.’
MIT presumably is a reference to the Massachusetts Institute of Technology.
‘AWS’ is the abbreviation for Amazon Web Services, the cloud computing platform owned by the online retail giant.
In 2018, AWS generated almost $7.3 billion in operating income.
‘EC2’ is a reference to Amazon Elastic Compute Cloud, which is a key part of its AWS platform.
Other Twitter posts included images of her and her cat, which she says needed to be euthanized by the vet.
She also claimed in a tweet that she is illegally in the United States and that she wants the government to deport her back to her native home on the Pacific island of Tuvalu.
In one Twitter post, she tagged the Seattle Police Department and President Trump, writing: ‘I would like to make good on the deportation initiative and surrender myself to detainment and deportation.
‘I am in this country illegally, I just want to get this over with. What should I do?’
In the same thread, she writes: ‘I am unable to physically relocate back to where i came from, is there a line to get in perhaps i could catch a flight out with some other folks who are going back?’
In another Twitter post, she writes: ‘I look like a disgusting crackwhore.’
In July 2017, Capital One sent letters to an unspecified number of customers informing them that their data may have been compromised by one of the company’s employees.
Capital One said in the letter that it had fired the employee and notified law enforcement.