Federal officials on Monday reportedly arrested a Seattle woman and accused her of stealing records, including some bank account and Social Security numbers, from more than 100 million Capital One customers and potential customers.
The hack of the Virginia-based bank is believed to be one of the biggest data breaches ever to hit a financial institution and comes a week after credit monitoring company Equifax reached a $700 million settlement relating to the theft of 147 million customers’ data in 2017.
{mosads}The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,” according to the criminal complaint.
In one such post, Thompson, using the username “erratic,” allegedly wrote, “I’ve basically strapped myself with a bomb vest, [expletive] dropping capitol ones dox and admitting it,” according to The Washington Post.
Thompson’s online presence likely led to a faster-than-usual arrest in the case, with Capital One first noticing a problem on July 17 after a participant in an online discussion group claimed to have taken large amounts of customer data, according to the Post.
After investigating, the bank independently confirmed the vulnerability. While the majority of Social Security numbers were protected, the affected home addresses and birth dates were compromised, according to the complaint.
“Although some of the information in those applications (such as Social Security numbers) has been tokenized or encrypted, other information including applicants’ names, addresses, dates of birth and information regarding their credit history has not been tokenized,” the FBI complaint states, adding that the bank told the FBI the data include about 77,000 bank account numbers.
Thompson previously worked at a cloud computing company that provided data services to the bank, according to the Post, citing court papers. She allegedly used the messaging service Slack to post files she claimed to possess.