A hacker that goes online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications.
According to the financial institution, law enforcement already identified and arrested the hacker, the DoJ announced on Monday that Paige A. Thompson (33) is suspected to be responsible for the data breach.
“A former Seattle technology company software engineer was arrested today on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data of Capital One Financial Corporation, announced U.S. Attorney Brian T. Moran.” reads the press release published by the DoJ. “PAIGE A. THOMPSON a/k/a erratic, 33, made her initial appearance in U.S. District Court in Seattle today and was ordered detained pending a hearing on August 1, 2019.”
Paige Thompson is a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016.
THOMPSON posted about the Capital One hack on GitHub, she exploited a misconfigured web application firewall to get access to the data. On July 17, 2019, Capital One was informed of the incident by a GitHub user who saw the post. On July 19, 2019, that financial institution discovered the intrusion and informed the FBI.
“Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion,” said U.S. Attorney Moran. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”
Capital One confirmed to have immediately fixed the configuration issue
The feds identified the hackers and executed a search warrant at THOMPSON’s residence where they seized electronic storage devices containing a copy of the data.
Paige A. Thompson was charged with computer fraud and abuse in U.S. District Court in Seattle. She already appeare
The security breach data breach took place on March 22nd and 23rd, the hacker accessed information of customers who had applied for a credit card between 2005 and 2019.
“Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.
Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Securitynumbers were not compromised.” states a press release published by Capital One.
“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
The hacker accessed bank account numbers and Social Security numbers only for a limited number of customers:
Capital One will notify the affected customers and will provide free credit monitoring services to those affected.
(SecurityAffairs – Capital One, Data breach)