A former Amazon Web Services software engineer hacks Capital One server; gains access to 100 million credit card applications.
A hacker has broken into a Capital One server and gained access to more than 100 million customers’ accounts and credit card applications as far back as 2005, the US Department of Justice has confirmed.
Besides an undisclosed number of people’s names, addresses, credit limits, credit scores and balances, Paige Thompson was also able to access 1 million Canadian Social Insurance numbers, 140,000 Social Security numbers and 80,000 bank account numbers. Capital One confirmed that the breach affected 100 million people in the United States and about 6 million people in Canada.
According to the criminal complaint, Thompson, who previously worked as a software engineer for Amazon Web Services, was able to gain access to a Capital One server by exploiting a misconfigured web application firewall. Capital One’s investigation into the breach is underway, but the company has confirmed that it fixed the vulnerability and said it is “unlikely that the information was used for fraud or disseminated by this individual.”
The Justice Department has confirmed that Thompson was arrested Monday in connection with the breach that took place March 22 and 23.
In a statement, Capital One CEO Richard Fairbank said: “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The breach is expected to cost the firm $150 million, which will be spent on credit monitoring, customer notifications, tech costs and legal support. The company’s stock price went down by 5 per cent following the news.
Thompson made little effort to conceal her identity when she boasted on social media that she had accessed Capital One’s server. Using her full name, she shared that she had Capital One information. In a channel on Slack, she explained how she carried out the cyber crime using a special command to extract files in a Capital One directory stored on Amazon’s servers.
One person who saw the information on GitHub alerted Capital One, which then notified the FBI. Thompson’s residence was searched on Monday, where the FBI found devices that referenced Capital One and Amazon as well as other entities that may have been targets of attempted or actual breaches.