A 33-year-old woman was arrested in connection with a data breach in which she allegedly gained access to the personal information of around 106 million Capital One customers in the United States and Canada.
Paige Thompson was accused of using a firewall vulnerability to hack into a Capital One server on March 22 and 23. She allegedly obtained 140,000 Social Security numbers, 80,000 bank account numbers and a trove of other private information such as addresses and credit scores.
Thompson formerly worked as a software engineer at Amazon Web Services, which was the cloud hosting company that Capital One was using. She allegedly extracted the bank’s files from a directory stored on Amazon’s servers. According to the criminal complaint, Thompson attempted to share the stolen information online.
After her arrest, Thompson denied selling or sharing any of the stolen data. In court documents, investigators noted they had not come across any evidence that indicated Thompson had lied.
Capital One said it repaired the vulnerability after the data breach and that it was “unlikely” that Thompson used the information for fraudulent purposes. Prosecutors later said they believed she also stole data from more than 30 other companies and stored it on her home server. The investigation remains ongoing.