It's one of the biggest-ever data breaches of a bank—and an arrest has been made. That might be of little solace to the 106 million Capital One credit card customers and applicants who had their data stolen in late March. Paige Thompson, 33, was arrested Monday in Seattle. The Wall Street Journal pieces together her background, speaking with sources who said she formerly worked for Amazon Web Services; a criminal complaint describes her as working as a systems engineer at an unnamed cloud-computing company between 2015 and 2016. Thompson allegedly got through a misconfigured Capital One firewall, enabling her to reach customer data stored in the Amazon cloud. Capital One learned of the exposure on July 17 after someone reportedly boasted about having the data in an online group, reports the Washington Post.
Most of the stolen data came from personal and small business credit card applications submitted between 2005 and this year. Some 140,000 Social Security numbers and 80,000 bank account numbers were exposed. Thompson, who has been charged with one count of computer fraud and abuse and has a Thursday hearing, is said to have bragged about the exploit online using the handle "erratic." The AP reports the FBI said a Twitter user named "erratic" interacted with Capital One via direct messages in June. A sample: "Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it. I wanna distribute those buckets i think first." Capital One does not believe the data was used for fraud; another message from "erratic": "I wanna get it off my server that’s why Im archiving all of it lol . . . its all encrypted." The investigation is ongoing. (Read more Capital One hack stories.)