That Capital One hack?
Using the online handle “erratic”, Thompson was active on hacker Twitter. It’s not clear why Thompson stole the data, but according to Bloomberg, the breach ranks as one of the largest-ever involving a US bank – though the data apparently wasn’t distributed to other criminals to use in identity theft schemes or other fraud. Thompson was arrested by federal prosecutors in Seattle.
Thompson is believed to have stolen the data from an AWS data-storage system protected by an improperly configured firewall, which she was able to breach. Amazon, however, insists the hack wasn’t its fault and that Thompson infiltrated Capital One’s system to access the data.
After allegedly stealing the data, Thompson made no efforts to conceal her involvement – in fact, she posted about it publicly on forums to the point where other hackers warned her that she could be facing jail time for posting some of the information in the hack.
It’s estimated that she accessed more than 140,000 credit card numbers and more than 100 million names.
According to Bloomberg, Capital One only learned of the hack when an anonymous tipster emailed them on July 17 to report the breach after seeing some of the data Thompson had posted to her GitHub.
So far, nobody’s money has been taken, and none of the stolen sensitive data has been used for nefarious purposes. Most of the data was taken from consumer and small-business credit-card applications.
“This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.”
Thompson’s defense lawyers might have a hard time coming up with a defense because Thompson is alleged to have posted messages on social media admitting to the hacks while knowing that what she was doing was illegal.
She was charged with computer fraud and abuse.