WASHINGTON: A 33-year-old woman hacker who broke into over 100 million customers’ personal data in a massive breach at the financial giant and credit card issuer Capital One, is also believed to have stolen data from more than 30 other companies.
According to ZDNet which went through court documents: “Paige A. Thompson’s theft of Capital One’s data was only one part of her criminal conduct.”
“The servers seized from Thompson’s bedroom during the search of Thompson’s residence, include not only data stolen from Capital One, but also multiple terabytes of data from more than 30 other companies, educational institutions, and other entities,” the report said on Wednesday.
The court documents, however, did not list the name of 30 companies that Thompson, who goes by the handle “erratic”, is believed to have hacked. Some reports claim Unicredit, Vodafone, Ford and Michigan State University may be among those hacked.
Thompson who is a former Amazon engineer reportedly broke into AWS servers belonging to Capital One and over 30 additional companies.
Virginia-based Capital One, the seventh-largest bank in the US, acknowledged the breach late last month.
The actual crime occurred on March 22-23 this year and for as many as 140,000 individuals, the exposure included Social Security Numbers while for 80,000, their linked bank account numbers as well, said Capital One which is a major credit card issuer in the US and also operates retail banks.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement,” the company had said in a statement.
The data leak affected approximately 100 million individuals in the US and approximately 6 million in Canada.
“I sincerely apologise for the understandable worry this incident must be causing to those affected and I am committed to making it right,” said Richard D. Fairbank, Chairman and CEO of Capital One.
In another similar case, credit bureau Equifax agreed to pay $700 million to consumers in connection with a similar breach that occurred two years ago.