Data over 100 million people stolen from large hack American bank

The American bank Capital One has been the victim of a large-scale hack. 33-year-old software engineer Paige Thompson stole personal data from about 100 million Americans and 6 million Canadians. It’s unknown why she attacked the bank.

Thompson carried out her attack between 12 March and 17 July, writes Reuters. She managed to get in via a misconfigured firewall of a web application. She stole 140,000 citizen service numbers, 80,000 linked account numbers and various names, addresses and credit scores, among other things.

On 19 July the hack was discovered and Thompson was arrested.

Brag about hack

The New York Times reports that Thompson previously worked for Amazon Web Services (AWS). AWS hosted the database that was hacked. She also hosts a Meetup called Seattle Warez Kiddies, which is described as a meeting for anyone who appreciates distributed systems, programming, hacking and cracking.

Thompson’s activities at Meetup were noticed by the FBI. The intelligence service used it to find its other online activities. This eventually led to reports from Thompson about the data theft on Twitter and Slack. Online she used the name erratic.

The authorities eventually found Thompson because they shared information about the hack on GitHub. The web address of that page contained its full name. Another user saw that message and informed Capital One about the hack.

Damage

Capital One expects the incident to cost between 100 million and 150 million dollars. This is mainly because of customer notification, account monitoring and legal support.

The bank further states on the basis of its own analysis that it is unlikely that the information has been used or disseminated for fraud purposes.

The bank’s CEO, Richard D. Fairbank, made a statement apologizing for the incident. I apologise for the understandable concerns that this incident has raised with affected people, and I am determined to rectify it.