The Atlanta Journal-Constitution
What happened
Four years later, Capital One was hacked in one of the largest data breaches of a big financial institution. And in the end, the bank’s embrace of cloud services couldn’t save 106 million card customers and applicants from having their data compromised.
Instead, federal agents in Seattle arrested 33-yearold Paige A. Thompson, who is accused of breaking through a misconfigured Capital One firewall. The hole meant a hacker could reach the server where Capital One was storing its information and get into customer data.
Amazon told The New York Times its cloud had stored the stolen Capital One data. But the bank said “this type of vulnerability is not specific to the cloud,” adding it was able to quickly diagnose and fix the issue because of its “cloud operating model.” Amazon told the Times it found no evidence its underlying cloud services were compromised.
Amazon did not respond to a request for comment Tuesday morning. address for tipsters to raise alarms about potential holes in the company’s systems. According to federal prosecutors, the bank received one email suggesting leaked data had shown up on GitHub, a site for collaborating on software code.
The posts linked to her full name, email address and other online records belonging to her, court documents show. Thompson used the online nickname “erratic” and openly talked about her hacks, federal prosecutors said.
“I’ve basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it,” Thompson allegedly wrote under the alias in a June 18 Twitter message.