FILE PHOTO – People walk past a Capital One banking center in New York’s financial district January 17, 2013. REUTERS/Brendan McDermid
(Reuters) – A federal grand jury has indicted the suspected hacker who obtained personal information of over 100 million people in the Capital One Financial Corp data breach on charges of wire fraud and computer data theft, the U.S. Department of Justice (DOJ) said on Wednesday.
The breach at Capital One between March and July was revealed late last month and stemmed from Capital One’s decision to store data in Amazon’s cloud unit, called Amazon Web Services (AWS), where a former employee named Paige Thompson managed to access its data.
Thompson’s indictment cited more than 30 victims of data intrusion and theft, including Capital One, the DOJ said bit.ly/32eBGPE, adding that the case is now headed for a federal court in Seattle.
The DOJ did not identify other companies whose data was allegedly breached by Thompson. However, it mentioned that some of the victims included a state agency outside the state of Washington, a telecommunications conglomerate outside the United States and a public research university outside Washington.
Thompson not only stole data, but also used stolen computer power to mine cryptocurrency for her own benefit, a practice known as “cryptojacking,” according to the indictment.
The 33-year-old software engineer made her initial appearance in a federal court in July. She remains in custody and her charges in the indictment carry penalties of up to 25 years in prison, according to the statement.
The data breach at Capital One resulted in the exposure of names and addresses of customers, the company said last month. The hacker did not gain access to credit card account numbers, but about 140,000 Social Security numbers and 80,000 linked bank account numbers were compromised.
Reporting by Kanishka Singh in Bengaluru; editing by Gopakumar Warrier