An ex-Amazon employee has been arrested for allegedly hacking the account information of more than 100 million Capital One customers.
Paige Thompson, of Seattle, is accused of exposing customers’ personal information – including names, addresses, credit scores, bank account numbers, Social Security numbers, and Canadian Social Insurance numbers – and attempting to share the information on the dark web. Thompson, 33, had previously been a software engineer for Amazon Web Services, which was the cloud hosting the Capital One customer data. She allegedly was able to take advantage of a misconfigured web application firewall to steal the information.
Richard Fairbank, Capital One chairman and CEO, issued a statement after Thompson’s arrest, saying the incident affected about 100 million customers in the United States and 6 million in Canada. The data breach took place over two days in March.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Fairbank said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
He said customers with exposed information will be notified of the breach. The company expects to spend between $100 million and $150 million to notify customers, perform security upgrades, and other costs related to containing the hack.
Capital One officials were notified of a possible breach this month after Thompson began boasting about hacking the nation’s seventh largest bank on social media.