Capital One’s alleged hacker now faces 20 years in prison for stealing 100 million customers’ data

New York (CNN Business) The US Justice Department has filed additional charges against the hacker accused of illegally accessing more than 100 million Capital One customers’ accounts and credit card applications in 2019.

Paige Thompson, a former Amazon engineer, now faces six counts of computer fraud and abuse, one count of access device fraud and one count of aggravated identity theft in addition to the original two charges. The superseding indictment also lists four additional victims of Thompson’s hacking. She could serve up to 20 years in prison.

In 2019, Thompson allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to people’s names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice. The hack marked one of the largest data breaches in history.

Following the incident, Capital One entered into consent orders with the Fed and the Office of the Comptroller of Currency. The Fed then filed a cease and desist order, laying out steps the bank needed to take to improve its security, while the Office of the Comptroller of Currency filed an $80 million civil penalty against the bank.

In addition to accessing data, the Justice Department also alleges that Thompson shared details of the hack online.

The Department of Justice said Thompson posted about the tools she used to hack Capital One on GitHub, a software development site where programmers can post projects, using her full first, middle and last names.

The complaint also includes screenshots of a Slack channel in which Thompson, under the alleged alias “erratic,” posted a list of Capital One files she claimed to possess and explained how she extracted the files. “I wanna get it off my server that’s why Im archiving all of it lol,” Thompson allegedly posted on Slack.

The agency also alleges that Thompson made statements on other social media platforms about possessing Capital One data, listing a Twitter handle that allegedly belonged to Thompson, @0xa3a97b6c, in the complaint. The account has since been suspended.

“Ive basically strapped myself with a bomb vest, f—ing dropping Capital One’s dox and admitting it,” Thompson allegedly wrote in a private message via Twitter.

Thompson’s private Twitter messages also included references to distributing the names, Social Security numbers and dates of birth for the customers whose records she breached, according to the Justice Department.

Thompson’s trial, which has been postponed several times for further discovery and because of the pandemic, is now set for March 14, 2022.

Source: edition.cnn.com
