Capital One Data Breach: Seattle Woman Arrested By FBI

SEATTLE, WA — A Seattle-based tech worker was arrested on Monday for computer fraud in connection to a massive breach of Capital One customer data. The personal information — including some social security numbers — of about 106 million customers in the U.S. and Canada was taken in the breach, according to the company and federal officials.

According to the FBI, Paige A. Thompson, 33, was able to get around a "misconfigured web application firewall" and access Capital One servers to download huge amounts of personal data — everything from addresses and birth dates to credit scores and some transaction records, according to federal officials. The data breach began sometime in March, according to the FBI.

Thompson then posted about having the data on GitHub, a site where software developers share projects and code. A GitHub user alerted Capital One about the possible breach in mid-July, and the company turned to the FBI to pursue criminal charges.

According to court documents, Thompson also posted on Twitter and Slack about trying to get rid of or distribute the data.

"I've basically strapped myself with a bomb vest, f--king dropping capital ones [documents] and admitting it," she wrote in a Twitter direct message to the person who ultimately reported the breach to Capital One, court documents show.

Thompson worked at an unspecified cloud-computing company in Seattle, court documents said. She went by the alias "erratic" on Twitter.

Information like names, addresses, zip codes, phone numbers, and birth dates from credit applications spanning 2005 to 2019 were part of the breach, Capitol One said in a statement.

The company said that 140,000 social security numbers and 80,000 bank account numbers linked to credit accounts were exposed. Capital One said it would alert customers affected by the breach and offer free credit monitoring. The breach could end up costing Capital One up to $150 million, the company said.

"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," Capital One CEO Richard D. Fairbank said in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

The FBI searched Thompson's apartment in Seattle on Monday, and she made an initial appearance in court on one charge of computer fraud. She was ordered to remain in federal custody and will appear in court on Aug. 1.

Here's the FBI's arrest information on Thompson: