Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Hacker Found Guilty in 2019 Capital One Data Breach

June 28, 2022

Arieele Waldman, of TechTarget, recently posted about Paige Thompson and the Capital One data breach that occurred in 2019. The Capital One data breach is one of the big ones that is still discussed and analyzed today in the cybersecurity space. The breach itself encompassed more than 100 million customers’ data in both the U.S. and Canada.

In 2019, the breach allowed for the unauthorized access of personally identifiable information (PII) of customers and credit card applicants, including their payment history, contact information, credit scores and even Social Security numbers and bank account numbers. Waldman writes “it was still one of the largest financial data breaches to date.”

An email sent anonymously to Capital One began the investigation into the breach in which the FBI was involved. Through the investigation of the email sent along with other digital evidence such as social media statements and posts made on GitHub, the FBI was able to track the breach to Paige Thompson. Thompson was arrested in July of 2019.

Thompson was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.

A release from the Department of Justice reveals some additional technical information about the tools and techniques Thompson used in the breach. “Using Thompson’s own words in texts and online chats, prosecutors showed how Thompson used a tool she built to scan Amazon Web Services accounts to look for misconfigured accounts” the DOJ release states.

Thompson then used the misconfigured accounts to access data and download information. The downloaded data included that of more than 30 entities, including the data of Capital One. The press release reveals that Thompson bragged about the illegal activities online and to others through text messages.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensic

Sensei Enterprises

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Digital Forensics Dispatch

Hacker Found Guilty in 2019 Capital One Data Breach

Ride the Lightning

Your IT Consultant

Disclaimer