Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Paige Thompson, the alleged hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. Paige Thompson, a transgender woman, suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. In […]

capital one

Paige Thompson, the alleged hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud.

Paige Thompson, a transgender woman, suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud.

In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breachthat exposed personal information from 106 million Capital One credit applications.

Paige Thompson, a former Seattle technology company software engineer that goes online with the handle “erratic,” breached the systems at Capital One and gained access to the huge trove of personal information. Law enforcement identified and arrested the hacker.

Now the Department of Justice announced that Thompson has been indicted by a federal grand jury and will be arraigned on September 5 in the U.S. District Court in Seattle.

“A former Seattle technology company software engineer was indicted today by a federal grand jury on two counts related to her unauthorized intrusion into stored data of more than 30 different companies, announced U.S. Attorney Brian T. Moran.” reads the press release published by DoJ.  “PAIGE A. THOMPSON a/k/a erratic, 33, will be arraigned on the indictment in U.S. District Court in Seattle on September 5, 2019.   THOMPSON remains in custody.”

The indictment explicitly names only Capital One as one of the THOMPSON‘s victims, but it also reports other three victims of the hacker that have been referred as a state agency outside the State of Washington; a telecommunications conglomerate outside the United States; and a public research university outside the State of Washington.

All the victims used the same Cloud Computing Company, even if it was not specifically mentioned they used the services of Amazon Web Services (AWS).

According to the indictment, Paige THOMPSON created a scanning software that used to identify AWS customers who had misconfigured their firewalls, then the hacker accessed their servers to steal data, and to “mine” cryptocurrency

“According to the indictment, THOMPSON created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers.  THOMPSON used this access not only to steal data, but also used stolen computer power to “mine” cryptocurrency for her own benefit, a practice known as “cryptojacking.”” continues the indictment.

Prosecutors have found no evidence that Thompson sold or leaked online the stolen data.

Thompson faces up to 25 years in prison due to the charges in the indictment. Last week, a U.S. judge ordered Paige Thompson to remain in custody pending trial because her “bizarre and erratic” behavior makes the woman at risk.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Capital One, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]