Federal grand jury indicts woman in Capital One case

Martha Bellisle
Associated Press

Seattle – A former Amazon software engineer arrested last month on charges she hacked into Capital One bank and more than 30 different companies has been indicted by a federal grand jury on charges she not only broke into the company’s computer system, but also stole data for her own benefit.

Paige Thompson faces wire fraud and computer fraud and abuse charges in the indictment announced Wednesday. She’s scheduled to be arraigned Sept. 5. Her lawyer did not immediately respond to an email request for comment.

In addition to Capital One, the indictment identifies three other entities that were targets. They include a state agency and a public research university, both outside Washington state, and a telecommunications conglomerate located outside the U.S.

Between March and July of this year, Thompson created scanning software that allowed her to identify customers of a cloud computing company that had misconfigured their firewalls, allowing someone to access their servers, according to the indictment.

Once she had access, Thompson stole data and used the computer power to “mine” cryptocurrency for her own benefit, a practice known as “cryptojacking,” the indictment said.

Officials say Thompson, 33, copied data from servers that Capital One rented from a cloud computing company, including personal information from about 100 million customers who had applied for credit cards from Capital One.

In this July 31, 2019, file photo vehicles are parked outside the home of Paige A. Thompson, who uses the online handle "erratic," in Seattle. Thompson was arrested after the FBI said she obtained personal information from more than 100 million Capital One credit applications. In a memorandum filed ahead of a court hearing Thursday, Aug. 15, the U.S. Attorney’s Office in Seattle said servers found in Thompson’s bedroom contained data stolen from more than 30 unnamed companies, educational institutions and other entities.

At least 40 lawsuits have been filed against Capital One Financial Corporation, claiming the company failed to protect its customers’ personal information.

Thompson was arrested on July 29 after she allegedly talked about the hack on the site GitHub. Another user alerted Capital One to her posts and the financial services company confirmed that there had been a data intrusion, so it contacted the FBI. Investigators said they traced the hack back to Thompson.

She was arrested and her electronic devices were seized from her home in Seattle’s Beacon Hill neighborhood. Investigators said they did not find any evidence that Thompson sold or disseminated any of the information she had gathered.

The charges carry penalties of up to 25 years in prison.

U.S. Magistrate Judge Michelle Peterson ordered Wednesday that Thompson remain in custody pending trial.

Peterson said after a detention hearing last week that Thompson is a safety risk to herself and others. The judge cited a Seattle police report alleging that Thompson threatened a social media office in California.

On May 21, the Mountain View Police Department opened a “terrorist threat” investigation after one of Thompson’s former coworkers reported that Thompson sent a message saying she was “going to California to shoot up (REDACTED) office I hope you are not there,” according to the report acquired by The Associated Press on Thursday.

The name of the social media company was redacted but the address was nearly identical to an address for LinkedIn. A message seeking comment from LinkedIn was not immediately returned.

Thompson’s lawyers later told the judge that Seattle police investigated the threat and concluded that she “had no monetary or transportation means to come to California.”