BREAKING: Capital One Pwned… 100 Million People Affected

News is breaking on sites like Bloomberg that a hacker has broken into a cloud server under the control of credit card company Capitol One and as many as 100 million people might have had their data illegally accesses.

Here’s where it gets strange. The hacker was caught:

The woman, Paige A. Thompson, was arrested Monday and appeared in federal court in Seattle. The data theft occurred some time between March 12 and July 17, federal prosecutors in Seattle said. The cloud-computing company, on whose servers Capital One rented space, wasn’t identified in court papers.

“I am deeply sorry for what has happened,” said Richard D. Fairbank, Capital One’s chief executive officer, in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected.”

About 6 million individuals in Canada were also impacted by the breach, Capital One said.


The largest category of data stolen was supplied by consumers and small businesses when they applied for credit cards from 2005 through early 2019, the bank said. It included personal identification data, including names, addresses, phone numbers and dates of birth, and financial data including self-reported income, credit scores and fragments of transaction history.

About 140,000 Social Security numbers were accessed, as well as 80,000 bank account numbers from credit-card customers, the bank said.

I for one would love to know who the cloud computing company is at they have some questions to answer in terms of how this woman got in and got access to this data. Here’s why that matters:

Capital One, which is based in McLean, Virginia, has been one of the most vocal advocates for using cloud services among banks. The lender has said it is migrating an increasing percentage of its applications and data to the cloud and plans to completely exit its data centers by the end of 2020 — a move the company says will help lower costs.

If you are going to outsource stuff to the cloud, your security has to be on point. Otherwise bad things will happen to you and worse things will happen to your customers. Thus along with the cloud computing company, I really want to know what Capitol One is going to do to protect customers data going forward, and what they are going to do to protect the 100 million customers who’s data is now out there.

Back to the woman behind this hack for a second. Usually the hackers get away scott free with this sort of thing. So she was either sloppy or wanted to get caught. I say that either is in play because according to this, she posted details about it on Slack which is either mind blowingly stupid, or a clear indication that she wanted to be caught.

Stay tuned to this case as it will be interesting to watch on multiple fronts.

2 Responses to “BREAKING: Capital One Pwned… 100 Million People Affected”

  1. […] fallout over the epic Capital One data breach has begun. A class action suit has been filed by an Ontario law firm on behalf of six million or so […]

  2. […] facing a $350 million class action lawsuit in Ontario isn’t enough, Capital One who was pwned by a hacker recently, which in turn leaked the personal data of 100 million people including 6 million or so in Canada […]

Leave a Reply

%d bloggers like this: