Capital One breach suspect may have stolen data from at least 30 organizations - including companies and educational institutions - prosecutors say

Advertisement
Capital One breach suspect may have stolen data from at least 30 organizations - including companies and educational institutions - prosecutors say

capital one hack suspect paige thompson seattle fbi raid

Ted S. Warren/AP

The entrance to Capital One hack suspect Paige Thompson's home, as taken on July 31, 2019.

Advertisement
  • Capital One data breach suspect Paige A. Thompson, of Seattle, may have stolen data from "more than 30 companies, educational institutions, and other entities," according to prosecutors.
  • Thompson was charged with count of computer fraud and abuse (though prosecutors say more counts could be filed), after an FBI investigation alleged she stole data impacting roughly 100 million Capital One customers in the US and around 6 million in Canada.
  • "Thompson intruded into servers operated, rented, or contracted by over 30 companies, educational institutions, and other entities," prosecutors allege in the court document. "Although not all of those intrusions involved the theft of personal identifying information, it appears likely that a number of the intrusions did."
  • Investigators are still working to determine the identities of the organizations that may have been impacted by the theft.
  • Visit Business Insider's homepage for more stories.

Capital One data breach suspect Paige A. Thompson, of Seattle, may have stolen data from "more than 30 companies, educational institutions, and other entities," according to prosecutors.

Thompson was charged by the US Attorney's Office in Seattle with count of computer fraud and abuse (though prosecutors say more counts could be filed). A FBI investigation alleges she stole data impacting roughly 100 million Capital One customers in the US and around 6 million in Canada.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

The fact that other organizations may have had data stolen was revealed in an August 13 court filing, supporting prosecutors' wish to keep Thompson detained pending trial.

"Thompson intruded into servers operated, rented, or contracted by over 30 companies, educational institutions, and other entities," prosecutors allege in the court document. "Although not all of those intrusions involved the theft of personal identifying information, it appears likely that a number of the intrusions did."

Advertisement

Investigators are still working to determine the identities of the organizations that may have been impacted by the theft.

Read more: See the raid where the 33-year-old woman accused of hacking Capital One was apprehended by camouflaged, armed FBI agents

Thompson, according to prosecutors, has said she did not disseminate the data "from Capital One or any
other victim" and that her server was the only copy. Investigators have yet to confirm that the data was not shared, but note that "To date, however, the government has not uncovered any evidence that would suggest Thompson's statement that she neither sold, nor otherwise disseminated, any of the data beyond the servers that the government recovered is untrue."

Beyond revealing the alleged additional theft, the court documents claim that Thompson is a flight risk, a danger to herself and others, and could cause technological harm - noting previous encounters with police, threats to harm others or herself, and access to firearms. Business Insider could not immediately reach an attorney representing Thompson.

Read more: A massive breach exposed the data of over 100 million Capital One customers, and the only way to find out if you've been affected is to check your mail

Advertisement

Capital One made the breach public on July 29, saying that personal information from credit card applicants between 2005 and early 2019 was stolen - such as "names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income." Roughly 140,000 US social security numbers, 80,000 credit card numbers, and around 1 million Canadian social insurance numbers may also have been compromised. (To find out if your data was compromised, keep an eye on your mailbox. Capital One will be sending out letters to those affected.)

The breach has led to increased scrutiny of security measures taken to personal information is stored.

{{}}