Western District of Washington US Attorney Brian T. Moran announced Paige A. Thompson a/k/a erratic, 33, was indicted Wednesday, on two counts related to unauthorized intrusion into stored data within 30 different companies. Ms. Thompson, a former software engineer of Amazon, is accused of hacking Capital One Financial Corp's. data system and theft of information from customers credit card applications. Capital One and other entities that fell victim to Thompson's scheme rented or contracted computer servers from the Cloud Computing Company. She allegedly took advantage of misconfigured firewalls that allowed her to view and copy date of customers, steal valuable personal identifying information, and stealing computer power to “mine” cryptocurrency for her own benefit.
Hid location to illegally get data
Thompson was identified by FBI cyber investigators after Capital One contacted them to report they believed there was an intrusion on their data servers. They linked her to posts made by her on the sharing site, GitHub concerning the data theft. They also found a reference to the data on her Twitter and Linkedin pages. Thompson allegedly used virtual private networks (VPN's) by a company named IPredator and The Onion Router (TOR) to conceal her location and identity from Cloud Computing Company servers and from the companies that fell victim from her scheme. She took the data information she allegedly obtained illegally and copied it to her own server. It is said she copied information from over 100,000,000 customers in the US and an estimated 6 million in Canada.
Cloud Computing Company provides server services throughout the world and victims affected were from Europe, Canada, Asia, Africa, Oceania and the State of Washington.
Data breach to cost Capital One
According to a report by ABC News, Capital One stated that the breach could cost them between $100 to $150 million in expenses to make this right with customers.
Federal investigators obtained a search warrant for Thompson's residence in Washington and seized the storage devices said to have copies of the stolen data. Thompson was charged with wire fraud, computer fraud, and abuse. She remains in custody because she is regarded as a flight risk and has a record of taking drugs. She will be prosecuted on the indictment by Assistant United States Attorneys Steven Masada and Andrew Friedman in U.S.
District Court in the State of Washington on September 5, 2019. If found guilty Thompson could receive up to 25 years in prison. Cyber enforcement has identified many of the customers that are victims of this scheme and had their data accessed and they are working to notify them.