A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Major US bank Capital One Financial Corporation confirmed Monday evening that an outside individual gained unauthorized access and obtained "certain types of personal information" on credit card products and Capital One credit card customers. The bank also released the results of its analysis of the breach, which determined that close to 100 million people have been affected in the United States and close to 6 million in Canada. "No credit card account numbers or log-in credentials were compromised," says Capital One in its statement released last night.

Who and how: FBI agents on Monday arrested 33-year-old Paige Thompson, a.k.a. "erratic", following a criminal complaint. According to the statement released by the US Department of Justice, "[t]he intrusion occurred through a misconfigured web application firewall that enabled access to the data." Further details provided by DOJ: "On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI. Cyber investigators were able to identify THOMPSON as the person who was posting about the data theft." Thompson's resume, available on GitLab, says her most recent employer was Amazon Inc., where she worked as a systems engineer between 2015 and 2016.

Don't blame AWS: While Capital One has not explicitly named the cloud hosting provider from which the Capital One credit data was taken, reports suggest the hack was made possible as a result of how Capital One was protecting an AWS bucket. (Brian Krebs has analysed the hack.) Capital One, a proud AWS customer, says the breach was not the fault of AWS but was due to an improperly configured firewall, a problem that Capital One fixed when the company discovered it, according to a Bloomberg report.
