[BreachExchange] Capital One hacker took data from more than 30 companies, new court docs reveal

Destry Winant destry at riskbasedsecurity.com
Thu Aug 15 10:02:13 EDT 2019


Paige A. Thompson, the hacker accused of breaching US bank Capital
One, is also believed to have stolen data from more than 30 other
companies, US prosecutors said in new court documents filed today and
obtained by ZDNet.

"The government's investigation over the last two weeks has revealed
that Thompson's theft of Capital One's data was only one part of her
criminal conduct," US officials said in a memorandum for extending
Thompson's detention period.

"The servers seized from Thompson's bedroom during the search of
Thompson's residence, include not only data stolen from Capital One,
but also multiple terabytes of data stolen by Thompson from more than
30 other companies, educational institutions, and other entities."

US prosecutors said the "data varies significantly in both type and
amount," but, based on currently available information, "much of the
data appears not to be data containing personal identifying


US officials said the investigation is still ongoing and the FB is
still trying to identify all the companies from where Thompson stole
data they found on her home server.

"The government expects to add an additional charge against Thompson
based upon each such theft of data, as the victims are identified and
notified," prosecutors said.

The court documents don't list the names of any of the other 30+
companies that Thompson is believed to have hacked. However, according
to previous media reports, this list might include companies such as
Unicredit, Vodafone, Ford, Michigan State University, and the Ohio
Department of Transportation.

Thompson, a former Amazon engineer, is believed to have breached AWS
servers belonging to Capital One and the additional 30+ companies,
from where she took proprietary information that she later stored on
her home server. From Capital One alone, Thompson is believed to have
taken the personal data of over 106 million Americans and Canadians.

After her arrest, Thompson told investigators that she did not sell or
share any of the stolen data. In the new court documents, US officials
said they haven't found any evidence to suggest that Thompson lied,
which might reduce the extent of the 30+ breaches that she is accused.

As for the Capital One accusations, the US government believes it has
a rock-solid case. "The evidence that Thompson committed this crime is
overwhelming," officials said.

The court documents filed today, which argue for continuing to detain
Thompson, also detailthree stalking allegations, threats to "shoot up"
a company's office, and threats to commit "suicide by cop" by pulling
a fake gun on an officer and force the officer to shoot back. The US
government also noted that Thompson's past behavior appears to be
related to "a significant history of mental health problems."

More information about the BreachExchange mailing list