A hacker stole the personal data of 100 million Capital One customers

The alleged hacker behind one of the biggest ever cyberattacks on a bank then boasted about what she’d done on Twitter and Slack, according to the FBI.
The news: The personal data of 100 million Americans and six million Canadians Capital One customers was stolen, the financial services firm revealed in a statement last night. A suspect, Paige A. Thompson, was arrested on Monday by the FBI about two weeks after the company first identified the breach.
Thompson, who now faces up to five years in prison, allegedly breached Capital One’s data on a cloud service thanks to a misconfigured web application firewall. Capital One is a known Amazon Web Services customer, and she’s a former Amazon Web Services employee.
Online trail: Prosecutors claim that Thompson, whose online pseudonym is “erratic,” posted data to a GitHub account that linked directly to her real identity, including her name and full résumé. The investigation into the breach was kick-started after a GitHub user spotted the data and alerted Capital One earlier this month.
The criminal complaint against Thompson details how she allegedly used anonymizing tools like Tor and a virtual private network to post the stolen data to her personal GitHub, talk about the breach on a personal Slack account, and effectively admit to hacking the company in direct messages on Twitter. Prosecutors are using all of it as evidence.
“I’ve basically strapped myself with a bomb vest,” Thompson wrote in a Twitter direct message, according to the criminal complaint. “Dropping capital one’s dox and admitting it. I wanna distribute those buckets I think first.”
The aftermath: Information dating from 2005 to 2019 was stolen, including Social Security numbers, bank account numbers, credit scores, names, and addresses. No credit card account numbers or login credentials were compromised. It may end up costing the firm up to $150 million in legal support, customer notifications, and credit monitoring, Capital One said. News of the hack comes just a week after credit reporting agency Equifax agreed to pay at least $575 million to settle its 2017 data breach.
“We will notify affected individuals through a variety of channels,” Capital One said in a statement. “We will make free credit monitoring and identity protection available to everyone affected.”
Sign up here for our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.
Keep Reading
Most Popular
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
ChatGPT is about to revolutionize the economy. We need to decide what that looks like.
New large language models will transform many jobs. Whether they will lead to widespread prosperity or not is up to us.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
GPT-4 is bigger and better than ChatGPT—but OpenAI won’t say why
We got a first look at the much-anticipated big new language model from OpenAI. But this time how it works is even more deeply under wraps.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.