What we know so far about accused Capital One hacker Paige Thompson

Capital One hack exposes identities of millions
  • Paige Thompson, a 33-year-old former Amazon employee from Seattle, has been arrested and charged by the FBI with stealing personal data belonging to more than 100 million Capital One customers.
  • Thompson, using an alias, boasted about the hack on social media, and appears to have obtained some information from several other companies, government entities and educational institutions, according to court documents.
  • Thompson's resume lists eight different employers over a 12-year period, including a positions with Amazon and a division of Lowe's.

Paige Thompson, a former Amazon employee and accused hacker accused of stealing the personal data for more than 100 million Capital One customers, almost seemed to want to get caught. Mission accomplished.

Thompson, 33, was arrested on Monday after FBI agents searched her home and found files and information related to both Capital One and her former employer, according to a lawsuit filed by the Department of Justice. Agents also found an online alias, "erratic," allegedly connected to Thompson where she had posted online in late June about having information on "several companies, government entities, and educational entities," according to the complaint. 

Earlier that month, a Twitter account under the name erratic with a profile picture that appears to be Thompson wearing sunglasses, posted a direct message admitting she believed her actions were likely to be discovered. "Ive basically strapped myself with a bomb vest, f***ing dropping capital ones dox and admitting it," the message read. "I wanna distribute those buckets i think first."

In court on Monday following her arrest, Thompson broke down and laid her head on the defense table, Bloomberg reported. A judge has ordered her to be held in jail. A bail hearing was set for later this week.

Twitter profile picture of Paige Thompson, the alleged hacker who appears to have stolen "tens of millions" of Capital One customers personal files. Twitter

A string of short-terms jobs

The picture that emerges of Thompson from information on social media and other online file-sharing websites is of someone who struggled socially and professionally, and who had suffered a recent emotional trauma. 

On her own Twitter account, she said the death of her cat Millie in June was "one of the most painful and emotionally overwhelming experiences of my life." She also complained about her dating life. In early July, Thompson posted about thinking about checking into a mental health facility, according to the New York Times.

According to an online resume, Thompson enrolled in Bellevue Community College in Bellevue, Washington, to pursue a degree in software engineering in early 2005, but left about a year and a half later. Her resume, which says she "left early to pursue a career opportunity," describes her as having worked for Seattle Software Systems from October 2005 to March 2007.

Neo Nosrati, CEO of ColumbusSoft, which acquired Seattle Software Solutions from its previous owner, said Thompson was a "very talented 'white hat' ethical hacker" who excelled at testing clients' security systems for flaws. "She was involved in the hacker community, but from what I knew of her I don't see how she would have done anything illegal."

Thompson's resume lists eight different employers over a 12-year period starting in the fall of 2005 and ending in September 2016 with the job at Amazon. Almost all of the jobs last less than 18 months, with some lasting only a few months.

A spokesperson from Lowe's confirmed to CBS MoneyWatch that Thompson was an employee of ATG Stores, an online division of the hardware retail chain, in 2014 for "less than two months." The spokesperson declined to comment why Thompson's employment ended.

Capital One data breach: More than 100 million affected

All of the jobs list tasks like "assisting in the development of analytics platform" or "site maintenance." It's unclear if some of the jobs were contract work or if she was a full-time employee. Thompson's longest-held job — from December 2007 to March 2010, according to the resume — was as a systems administrator at Zion Preparatory School, a prominent private school that opened in the early 1980s to serve Seattle's black community. The school closed in 2015 after years of financial pressure.

Names, Social Security numbers, bank accounts

According to the Justice Department's complaint, as early as March of this year Thompson began trying to hack into corporate databases to steal user information. That month she gained access to Capital One's customer files. The credit-card issuer used Amazon's "cloud" storage service. 

According to the complaint, Thompson accessed the files through a faulty firewall that allowed her to get access to Capital One's customer information that was stored on the cloud provider's servers. Amazon says its systems weren't breached.

Amazon Web Services, the company's cloud product, "was not compromised in any way and functioned as designed," a company spokesperson told the Associated Press. "The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud."  

According to the complaint, Thompson was able to download information on "tens of millions" of Capital One customers or potential customers. The data were mostly related to credit card applications. While some data were encrypted, Thompson was able to get names, phone numbers and addresses, as well as 120,000 Social security numbers and 77,000 bank account numbers. 

The Department of Justice believes Thompson maintained "erratic" as her online alias.

Thompson doesn't appear to have accessed the bank accounts or sold the data. Amazon says the knowledge that was used to obtain Capital One's files was something that could be found out by anyone, and wasn't information that would have been obtained from working at the company.

In June, the court document details, Thompson began posting some of the stolen Capital One files on GitHub, a website that developers use for sharing programming code. She also began posting information about her hack on Twitter and in a group chat that she invited others to join on the messaging platform Slack.

On July 17, a person emailed Capital One that "there appeared to be some leaked s3 data of yours" on GitHub. S3 data refers to a type of file that is normally stored on Amazon's cloud network. Shortly thereafter, Capital One informed the FBI of the hack.

The complaint says there were four other individuals at Thompson's residence when she was arrested Monday.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.