The FBI arrested a woman named Paige A. Thompson for allegedly gaining access to more than 100 million Capital One customers’ data earlier this year. It was one of the biggest breaches ever.
The US Department of Justice’s complaint against Thompson presents a picture of a woman who was clever enough to find a trove of personal information from America’s seventh-largest bank, but not careful enough to cover her tracks.
Thompson is a 33-year-old living in Seattle who had previously worked as a systems engineer for a cloud hosting company that Capital One used. The Justice Department complaint didn’t name the cloud company, but Amazon Web Services confirmed her former employment to CNN Business, noting she left the company three years before the breach.
The complaint alleges Thompson gained access to an Amazon server, taking advantage of a web app that Capital One configured incorrectly.
The Capital One hack
In the documents, FBI investigator Joel Martini alleges Thompson used the alias “erratic” for several of her online accounts including Twitter, Meetup and Slack.
The documents include screenshots from a discussion in Slack, a chat service typically used by businesses and other groups, in which Thompson, as “erratic,” allegedly posted a list of Capital One files she claimed to possess. She allegedly explained the command she used to extract files in a Capital One directory stored on Amazon servers.
“I wanna get it off my server that’s why Im archiving all of it lol,” Thompson allegedly posted on Slack.
The agency also alleges that Thompson made statements on social media about possessing Capital One data. The complaint listed a Twitter handle that allegedly belongs to Thompson, @0xa3a97b6c, that was still live as of Tuesday morning.
“Ive basically strapped myself with a bomb vest, f—ing dropping Capital One’s dox and admitting it,” Thompson allegedly wrote in a private message via Twitter to the person who later reported the breach.
The Justice Department also said Thompson posted “information obtained from the intrusion” to a page on GitHub, a software development site where programmers can post projects. On the page that allegedly belongs to her, Thompson included her full first, middle and last name.
Thompson allegedly said in a private Twitter message that she wanted to distribute the names, Social Security numbers and dates of birth for the customers whose records she breached.
Thompson is also a pet owner, according to the complaint. Part of the digital breadcrumb trail the investigators followed included a Slack post from the “erratic” user about a veterinarian’s estimate for care for “one of her pets,” the complaint said.
Capital One said the breached information includes 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information.