Software engineer indicted over Capital One breach

A federal grand jury formally indicted a former software engineer on Wednesday for breaching the sensitive data of more than 30 companies, including Capital One, affecting millions of Americans.

Paige Thompson, a former Amazon employee, was charged with wire fraud as well as computer fraud and abuse for hacking into the networks of Capital One and multiple other unnamed entities earlier this year. If convicted, Thompson faces up to 25 years in prison.

Thompson was arrested in July for allegedly stealing the personal information of more than 100 million U.S. Capital One customers and potential customers, including Social Security numbers and bank account numbers, and the data of an additional 6 million Canadian customers.

Thompson’s arrest came after she posted on GitHub about her theft of the data. Another user who saw the post subsequently alerted Capital One and the company then reached out to the FBI.

The indictment alleges that Thompson accessed this data through the use of “scanning software” that she created, which allowed her to identify the customers of a cloud computing company that had “misconfigured their firewalls.” Thompson also allegedly used stolen power from the computers accessed to “mine cryptocurrency for her own benefit.”