According to a recent report, at least 140,000 social security numbers and 80,000 bank account numbers have been put at risk following a data breach involving more than 100 million credit card applicants’ information.
NBC News reports that a 33-year-old transgender woman who worked as a software engineer in Seattle has been arrested in relation to a massive data breach which puts over 100 million Capital One credit card applicants at risk. Paige A. Thompson allegedly accessed information from the Capital One bank through an improperly managed security feature and posted this information on a data-sharing site, a criminal complaint alleges.
Capital One told NBC News in a statement that the breach affected approximately 100 million individuals in the United States and approximately 6 million in Canada. Capital One insists, however, that no credit card account numbers of login details were accessed in the breach, and that less than one percent of social security numbers have been compromised.
Capital One was contacted on July 17 by an anonymous individual alleged that the leaked data which was later discovered to belong to Thompson had been posted GitHub, a website used by software engineers to post and collaboratively develop digital projects. The post was investigated by Capital One staff and appeared to include detailed instructions on how to access Capital One’s private information. The bank stated that 140,000 Social Security numbers and 80,000 bank accounts were potentially put at risk as a result of the data breach.
The indictment of Paige Thompson clearly indicates she wanted to be caught.
Breaking into Capitol One and posting about in Slack is beyond stupid.
Her time should have been spent on bug bounties rather than unauthorized intrusions.
— Kevin Mitnick (@kevinmitnick) July 30, 2019
FBI cyber investigators successfully matched the Github account to Paige Thompson who previously workers as a systems engineer for Cloud Computing Company. Further investigation also showed that Thompson has created a messaging channel in which she claimed to have obtained other data using the code she posted to Github. The FBI also believes that Thompson owns a Twitter account which contacted Capital One on July 18 stating that it was in possession of social security numbers.
In a Twitter message obtained by the FBI, Thomspon going by the pseudonym “erratic” said that he had “basically strapped myself with a bomb vest, f—ing dropping capitol one dox and admitting it.” Thompson stated that he was in possession of social security numbers and other personal details, implying that he planned to distribute this information publicly writing: “I wanna distribute those buckets I think first.”