Hacker Steals Data Of Over 100 Million Capital One Credit Card Users And Applicants

A software engineer is in custody for the suspected hacking of the data of at least 100 million Capital One credit care users and applicants, according to federal prosecutors Monday.

The 33-year-old Seattle woman, Paige Thompson, stole 140,000 Social Security numbers, 80,000 bank account numbers and over a million Canadian social insurance numbers spanning from 2005 applications to 2019 applications, The New York Times reported.

“No bank account numbers or Social Security numbers were compromised, other than: About 140,000 Social Security numbers of our credit card customers [and] about 80,000 linked bank account numbers of our secured credit card customers,” an official statement from Capital One reads.

this line from the Capital One press release on their massive data breach is pretty unreal. Nothing compromised! Except, you know, all the stuff that was compromised. pic.twitter.com/hBAiHEShlJ

— Charlie Warzel (@cwarzel) July 30, 2019

Thompson formerly worked for Amazon Web Services, which hosted the server she eventually hacked into on March 22 and 23 through a “misconfiguration” of a firewall on a web application, the FBI agent who investigated the hack said in court papers.

She also ran a hacker group through the app Meetup, which allows users to create online groups that host in-person events for people with similar interests. The FBI tracked her activity on the app, which eventually led them to her Twitter and Slack messaging service accounts, where she bragged about the Capital One hack in a post.

“I’ve basically strapped myself with a bomb vest, dropping capital ones dox and admitting it,” Thompson wrote using a messaging service called Slack, according to prosecutors.

Capital One said the breach will cost the bank up to $150 million. The bank also said in their statement that it had “immediately fixed the configuration vulnerability.”

“Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” the bank continued.

Capital Ones CEO Richard Fairbank said in a statement, “I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”