NordVPN Promotion

Home / News

A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Major US bank Capital One Financial Corporation confirmed Monday evening that unauthorized access was made by an outside individual who obtained “certain types of personal information” on credit card products and Capital One credit card customers. The bank also released the result of its analysis on the breach determining close to 100 million people have been affected in the United States and close to 6 million in Canada. “No credit card account numbers or log-in credentials were compromised,” says Capital One in its statement released last night.

Who and how: FBI agents on Monday arrested 33-year-old Paige Thompson aka erratic following a criminal complaint. According to the statement released by the US Department of Justice, “[t]he intrusion occurred through a misconfigured web application firewall that enabled access to the data.” Further details provided by DOJ: “On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI. Cyber investigators were able to identify THOMPSON as the person who was posting about the data theft.” Thompson’s resume available on Gitlab says her most recent employer was Amazon Inc. where she worked as a systems engineer between 2015 and 2016.

Don’t blame AWS: While Capital One has not explicitly named the cloud hosting provider from which the Capital One credit data was taken, reports suggest the hack was made possible as a result of how Capital One was protecting an AWS bucket. (Brian Krebs has anaylsed the hack.) Capital One, a proud AWS customer, says the breach was not the fault of AWS but due to improperly configured firewall—a problem that Capital One fixed when the company discovered it, according to a Bloomberg report.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

NordVPN Promotion