In June 2019, it became known about the compromise of the American bank Capital One and the leak of data from 106 million users. Then the data of users leaked to the bank for a credit card in the period from 2005 to 2019 leaked to the side. Including names, addresses, zip codes, phone numbers, email addresses, dates of birth and user income data.
The leak also affected the information on credit cards of the bank’s customers, that is, data on credit ratings and limits, balances, payment history, as well as contact information and fragments of transactions for 23 days in 2016, 2017 and 2018. In addition, it was reported that the cracker gained access to a million Canadian social security numbers, more than 140,000 US social security numbers and 80,000 bank account numbers.
Now ZDNet reports that, according to court documents, only one was not limited to compromising Capital One. So, during a search in the Thompson house, law enforcement officers seized servers on which not only the information stolen from Capital One was found, but also several terabytes of data stolen from more than 30 other companies, educational institutions and other organizations.
While law enforcement officials have not disclosed the names of the affected companies, but judging by previous media reports, they may include Unicredit, Vodafone, Ford, the University of Michigan and the Ohio Department of Transportation.
The Capital One data breach in June 2019 sent shockwaves throughout the cybersecurity community. The breach exposed the personal information of 106 million users, marking one of the most significant data security incidents of the year. User data, including names, addresses, zip codes, phone numbers, email addresses, dates of birth, and even income details, spanning from 2005 to 2019, was illicitly accessed and compromised.
Even more alarming was the extent of the breach, which also encompassed sensitive credit card information. This included data on credit ratings, limits, balances, payment history, contact details, and transaction fragments spanning 23 days across 2016, 2017, and 2018. The breach didn’t stop there, as it also granted the perpetrator access to one million Canadian social security numbers, more than 140,000 U.S. social security numbers, and 80,000 bank account numbers.
The breach was attributed to a former employee of Amazon Web Services, Page A. Thompson, alias “Erratic,” who exploited a misconfigured firewall to infiltrate Capital One’s network. Alerted by a vigilant GitHub user, Capital One took prompt action, ultimately leading to Thompson’s arrest on July 17, 2019.
Recent reports by ZDNet reveal the depth of Thompson’s hacking activities. A search of her residence unveiled servers containing not only Capital One’s stolen data but also terabytes of data pilfered from more than 30 other organizations, including reputed entities like Unicredit, Vodafone, Ford, the University of Michigan, and the Ohio Department of Transportation.
While law enforcement continues its investigation, Thompson remains in custody. Her repeated charges of persecution and threats against law enforcement officers underscore the significance of her mental health issues. The incident serves as a stark reminder of the dire need for robust data protection and cybersecurity measures in an increasingly interconnected world.
According to the prosecutor’s office, the data detected significantly differ in both type and quantity, but, apparently, these dumps did not contain personal and identification information.
While the investigation is still ongoing, law enforcement officials insist that Thompson should be kept in custody, as she had already been charged with persecution three times, and she also threatened to shoot in the company’s office and commit suicide through a police officer (threatening a police officer with a fake gun and forcing open fire to kill). Investigators write that Thompson’s behavior is obviously due to mental health problems.
