Lil miss Paige got what is in your wallet.
MCLEAN, Va., July 29, 2019 /PRNewswire/ — Capital One Financial Corporation (NYSE: COF) announced today that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.
Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.
According to the criminal complaint, the FBI honed in on Thompson after “information obtained from the obtrusion” was found on a GitHub page with Thompson’s name attached to it. A tipster had emailed Capital One on July 17, 2019, to alert them to the post. The message included a link to a file, that was confirmed to contain information for getting into Capital One systems.
And Paige bragged about her nefarious achievements.
Paige Adele Thompson described herself as a “Programmer, sysadmin, electronics enthusiast” on the GitLab profile mentioned in the third section of this article. Another profile states that she works at Netcrave Communications in Seattle. A search of online records brings up a now-deleted LinkedIn page that lists her occupation as “Owner / software engineer” at Netcrave. On a Meetup page, Thompson also described herself as the CTO of the company.
The resume that FBI investigators alluded to in the criminal complaint was easily found on Scribd, the online platform that allows for the sharing of documents. Thompson wrote on the resume that she worked for Amazon as a systems engineer in 2015 and 2016. She also lists prior jobs as a software engineer at companies including ATG Stores Inc, ConnectXYZLLC and Seattle Software Systems. The resume states that Thompson attended Bellevue Community College but did not graduate. Excellent work as published here.
According to the criminal complaint, Paige Thompson actually began the hack in March. It is quite the case and interesting reading found here.