Seattle Woman Charged In Capital One Data Breach Exposing Over 100 Million Customers

Capitol One, the country's seventh-largest bank, says information was taken from a hack of credit card applications submitted over a 14-year period. CREDIT: Jeff Chiu/AP
Capitol One, the country's seventh-largest bank, says information was taken from a hack of credit card applications submitted over a 14-year period. CREDIT: Jeff Chiu/AP

Read On

BY SCOTT NEUMAN

A woman has been charged in connection with a hacking breach at Capital One bank that exposed information from more than 100 million credit applications over a 14-year period – what is thought to be one of the largest such attacks in recent years.

Authorities in Seattle have charged Paige A. Thompson, who also goes by the handle “erratic,” with a single count of computer fraud. She appeared in court on Monday and is scheduled for a detention hearing on Thursday.

Thompson is accused of hacking credit scores, balances, income information and Social Security numbers from a total of 100 million people in the U.S. and 6 million in Canada.

Virginia-based Capital One, the nation’s seventh-largest bank, acknowledged the breach in a statement on Monday, but said it believed the hacked information was not used in any actual fraud.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, chairman and CEO, in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

The hacked data consists of information from credit card applications from individuals and small businesses, mostly from 2005 to early 2019. That includes 140,000 Social Security numbers and 80,000 linked bank account numbers from secured credit card consumers.

According to a criminal complaint in U.S. District Court for the Western District of Washington at Seattle, some of the information was posted to GitHub, a software development platform owned by Microsoft.

The complaint says Thompson boasted in Twitter direct message about having obtained the data, saying she had “basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it.”

“I wanna distribute those buckets I think first,” “erratic” wrote in a Twitter message late last month. “There ssns … with full name and dob.”

According to the complaint, the FBI searched a bedroom believed to belong to Thompson and seized “numerous digital devices.”

“During the initial search of some of these devices, agents observed files and items that referenced Capital One and the Cloud Computing Company, other entities that may have been the targets of attempted or actual network intrusions, and “erratic” aliases associated with Paige A. Thompson.”

Capital One says it found a vulnerability in its system on July 19, just two days after receiving an email alerting it that some of its data had appeared on Github. It then asked for the FBI’s help.

The bank says it will contact affected customers and make free credit monitoring and protection available to them.

Last week, credit bureau Equifax agreed to pay $700 million to consumers in connection with a similar breach that occurred two years ago.

Editor’s note: Capital One is a financial sponsor of NPR.

Copyright 2019 NPR. To see more, visit npr.org

Related Stories:

Secretary Hobbs visited Benton County

WA Secretary Of State On Cyber Threats And Cyber Security

Franklin County Auditor Matt Beaton, Secretary of State Steve Hobbs, Benton County Auditor Brenda Chilton Listen (Runtime 2:42) Read Washington Secretary of State Steve Hobbs is calling attention to election

Apple announced this week at its Worldwide Developer Conference a new feature in its forthcoming operating system, iOS 15, that will digitize state-issued licenses and ID cards. Apple

Apple iPhones Can Soon Hold Your ID. Privacy Experts Are On Edge

Buying a coffee and grabbing a train is already possible with an iPhone, but Apple wants to replace the physical wallet completely. To that end, earlier this week Apple announced a new feature to let users scan their driver’s licenses and save it to their iPhones to use as a legitimate form of identification.