Who’s Paige Thompson? Meet the Woman Allegedly Behind the Capitol One Data Breach
On Monday, federal investigators arrested a 33-year-old woman named Paige Thompson, a software engineer who is alleged to have singlehandedly orchestrated the Capitol One data breach, resulting in more than 100 million people’s personal data becoming compromised. The data included 140,000 Social Security numbers and more than 80,000 individual bank account numbers.
While the Department of Justice is charging Thompson with computer fraud and “abuse for an intrusion on the stored data,” it’s important to note that the indictment doesn’t specify whether she actually released the data or shared it with any external parties, though it does cite evidence that she planned to do so. Nonetheless, the report indicates that Thompson was surprisingly brazen about her alleged role in the breach, alluding to it in Twitter DMs and sharing some of the file names from the breach in a private Slack channel with other programmers and hackers. Here’s what we know so far about the woman alleged to have acted as a “lone wolf” in hacking into the systems of one of the biggest banking corporations in the country.
Who is Paige Thompson?
Thompson, 33, lives in the Seattle area and works as a tech company software engineer. She currently lists herself as the CEO of hosting company Netcrave Communications. Bloomberg News reports that Thompson also previously worked as an employee of Amazon Web Services, though she left the company in 2016. While the DOJ complaint says she hacked into servers hosted by an unnamed cloud computing services company to access users’ personal data, an Amazon spokesperson denied to CNBC that AWS was affected in any way and that “the perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure.”
Thompson had an extensive digital footprint, frequently sharing information about her cat Millie and her mental health issues on Twitter and running a Meetup group for hackers and programmers in the Seattle area. She also ran a Slack channel for this Meetup group, sharing files with other users under the username erratic, according to the New York Times. She also used the handle for her Meetup group and her Twitter, which is ultimately in part how the FBI was able to identify her as the alleged source of the breach.
How did the FBI link Thompson to the data breach?
The investigation into the data breach began on July 17th, when Capitol One received an anonymous tip via email that clients’ personal data — which had largely been culled from credit card applications — had been posted on the file-sharing website Github. The FBI ultimately tracked down Thompson’s Meetup group and accessed communications from the Slack group, in which a user going by the handle “erratic” appeared to post files from the Capitol One data breach. “I wanna get it off my service that why Im archiving all of it lol,” the user said on Slack. Investigators were able to identify Thompson as “erratic” by comparing her tweets to her messages on Slack, many of which also made reference to her cat’s health issues.
In the DOJ complaint, the FBI also makes reference to screenshots of Thompson’s messages to an anonymous source, in which, the FBI argues, she alludes to her intention to make public the data from the Capitol One breach. “I’ve basically strapped myself with a bomb vest, fucking dropping capital ones box and admitting it,” the message reads, adding, “I wanna distribute those buckets I think first. There [sic] ssns…along with full name and dob.”
Capitol One has said in a statement that the hack was the result of a misconfigured firewall, and that it “immediately” resolved the issue when it discovered the breach. On Tuesday, however, a Stamford, Conn. man claiming to have been affected by the breach filed suit against the company. The man filed in federal court in Washington, D.C., and he’s seeking class-action status.
On Monday night, the FBI executed a search warrant on Thompson’s home, recovering a number of digital devices, some of which confirmed that she was behind the “erratic” username. If convicted, Thompson faces up to five years in prison and a $250,000 fine. She is next scheduled to appear in court on Thursday.