Massive data breach at Capital One Bank

The Doctor

Staff member

U.S. NEWS 07/29/2019

Capital One Reveals 100 Million People Affected By Massive Data Breach

A hacker accessed sensitive information from credit card applications as well as the bank’s existing customers.

Capital One says a hacker got access to the personal information of over 100 million individuals applying for credit.

The McLean, Virginia-based bank said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.

The FBI has arrested the person, reportedly in Seattle, according to a report in The Washington Post.

Capital One says it believes that it is unlikely that the information was used for fraud, but it will continue to investigate.

The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers. It will offer free credit monitoring services to those affected.

The data breach affected about 100 million people in the U.S. and 6 million in Canada.

Central Scrutinizer

Staff member

07/30/2019 07:46 pm ET

Capital One Hack Suspect Identified After Bragging Online
Seattle programmer Paige Thompson allegedly boasted about the massive bank data breach on social media and appeared to confess to the crime.

By Amy Russo

The Seattle programmer accused of stealing the data of more than 100 million Capital One customers in one of history’s largest bank data breaches was caught allegedly bragging about it online.

Paige Thompson, 33, was arrested Monday in connection with the March hack, which potentially placed 80,000 accounts and 140,000 Social Security numbers at risk.

In a criminal complaint published by The Washington Post, FBI special agent Joel Martini detailed the investigation into Thompson’s lengthy digital trail, which authorities had been alerted to through an anonymous tip.

“There appears to be some leaked” data on GitHub, the individual wrote to Capital One on July 17, referring to a popular software development platform.

The tipster included a link to Thompson’s GitHub page, which revealed her full name, home address and résumé.

On Twitter, she apparently went by the handle “Erratic,” a name she used on messaging platform Slack and social networking site Meetup, allowing authorities to connect the dots, according to the complaint.

A screenshot in the complaint shows that about June 27, she spoke about a hack on Slack. One user, whose name is omitted, writes that Thompson was involved in “sketchy shit,” adding, “don’t go to jail plz.”

“I wanna get it off my server thats why Im archiving all of it lol,” Thompson replies. “its all encrypted.”

Another screenshot of direct messages sent via Twitter on June 18 appears to show Thompson confessing to the crime, boasting about the hack.

“Ive basically strapped myself with a bomb vest, fucking dropping capitol ones dox and admitting it,” she wrote, referring to the act of publishing individuals’ personal or identifying information online.

“I wanna distribute those buckets i think first,” she added, noting that there were “ssns...with full name and dob.”

In a statement released Monday, Capital One said “it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.”

The bank also noted that no log-in credentials or credit card account numbers had been compromised.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Capital One Chairman and CEO Richard Fairbank. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”