On Monday, the FBI and the bank Capital One disclosed a data breach of 106 million credit card applications that compromised information like names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, and some credit scores and transaction data. It's one of the biggest breaches of a major financial institution ever. Four months after the incident occurred, within just 10 days of Capital One discovering it, the FBI has already made an arrest in connection with the crime.
Seattle resident Paige A. Thompson, 33, was charged Monday with one count of computer fraud and abuse, according to the FBI and court records. Thompson, the criminal complaint alleges, went by the hacker name "erratic" in many online accounts and forums. She allegedly exploited a misconfigured firewall to access a Capital One cloud repository and exfiltrate data sometime in March. On April 21, the FBI says, Thompson posted the data to her GitHub account, which included her full name and resume. It is unclear whether anyone downloaded the data after she allegedly posted it, but they very well may have given that Thompson allegedly talked openly about stealing the data, even on Slack.
At least one person appears to have stumbled across the trove. On July 17, court documents say, an unidentified tipster informed Capital One of its existence by emailing the bank's responsible disclosure address with a brief warning about the data, and a link to it on GitHub.
"Capital One quickly alerted law enforcement to the data theft—allowing the FBI to trace the intrusion," US attorney Brian Moran said in a statement. "I commend our law enforcement partners who are doing all they can to determine th ..
Support the originator by clicking the read the rest link below.
