
A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Major US bank Capital One Financial Corporation confirmed Monday evening that an outside individual gained unauthorized access and obtained "certain types of personal information" on credit card products and Capital One credit card customers. The bank also released the results of its analysis of the breach, which determined that close to 100 million people have been affected in the United States and close to 6 million in Canada. "No credit card account numbers or log-in credentials were compromised," says Capital One in its statement released last night.

Who and how: FBI agents on Monday arrested 33-year-old Paige Thompson, aka "erratic", following a criminal complaint. According to the statement released by the US Department of Justice, "[t]he intrusion occurred through a misconfigured web application firewall that enabled access to the data." Further details provided by DOJ: "On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI. Cyber investigators were able to identify THOMPSON as the person who was posting about the data theft." Thompson's resume, available on GitLab, says her most recent employer was Amazon Inc., where she worked as a systems engineer between 2015 and 2016.

Don't blame AWS: While Capital One has not explicitly named the cloud hosting provider from which the Capital One credit data was taken, reports suggest the hack was made possible as a result of how Capital One was protecting an AWS bucket. (Brian Krebs has analysed the hack.) Capital One, a proud AWS customer, says the breach was not the fault of AWS but was due to an improperly configured firewall, a problem that Capital One fixed when the company discovered it, according to a Bloomberg report.

By CircleID Reporter – CircleID's internal staff reporting on news tips and developing stories.
