
Capital One hack: US woman arrested after stealing data from 100 million credit card applications

  • Paige Thompson, a former engineer, was arrested by FBI agents after she boasted about the data theft on GitHub
  • The bank said the hack affected 100 million individuals in the US and six million in Canada

A tech engineer in the western US state of Washington was arrested on Monday on charges of stealing sensitive data from millions of credit card applications at financial heavyweight Capital One.

Paige Thompson, 33, a former Seattle technology company software engineer, was arrested by FBI agents after she boasted about the data theft – one of the biggest to hit a financial services company – on the information sharing site GitHub, authorities said.

“The intrusion occurred through a misconfigured web application firewall that enabled access to the data,” a statement by the US attorney’s office in Washington said. “On July 17, 2019, a GitHub user who saw the post alerted Capital One to the possibility it had suffered a data theft.”

It said the Virginia-based bank that specialises in credit cards contacted the FBI after confirming the data theft, which took place between March 12 and July 17 of this year.

“According to Capital One, the data includes data regarding large numbers of (credit card) applications, likely tens of millions of applications,” according to the complaint.

In a statement, Capital One said the hack affected 100 million individuals in the US and six million in Canada.

“Importantly, no credit card account numbers or login credentials were compromised and over 99 per cent of social security numbers were not compromised,” the bank said.

Thompson, who used the alias “erratic” in online conversations, allegedly posted several times about the theft on GitHub and on social media.

One posting on a Twitter account with the username “erratic” read: “I’ve basically strapped myself with a bomb vest, f****** dropping capital ones dox and admitting it,” according to the complaint.

Authorities said electronic storage devices containing a copy of the stolen data were recovered at her residence on Monday.

Capital One said although some of the information in the applications stolen, such as social security numbers, is encrypted or tokenised, other information such as names, addresses, dates of birth and credit card history was not secured.

Capital One said it expects the breach to generate incremental costs of around US$100 to US$150 million in 2019.

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard D. Fairbank, the company’s chairman and CEO, said in a statement. “I sincerely apologise for the understandable worry this incident must be causing those affected and I am committed to making it right.”

Thompson faces up to five years in prison and a US$250,000 fine if convicted of computer fraud.

She was ordered held in jail on Monday pending a detention hearing later this week.
