Federal prosecutors in Seattle charged 33-year-old software engineer Paige A. Thompson Monday with stealing data from millions of credit card applications from banking giant Capital One.
The breach was discovered after someone emailed Capital One reporting that some “leaked S3 data” belonging to Capital One was posted on GitHub’s Gist text-sharing service, according to court documents, referring to Amazon’s Simple Storage Service.
Thompson worked at Amazon on S3 from May 2015 through September 2016, according to a resume posted on her page at GitLab, another popular site for sharing code repositories. An Amazon spokesperson has confirmed she last worked at the company in 2016 but said the hack didn’t require any insider knowledge, Bloomberg reports.
Thompson dropped out of Washington’s Bellevue Community College for a “career opportunity” and then held a variety of tech jobs, including running her own business called Netcrave Communications, according to her resume.
In addition to posting software projects and thoughts on technology on social media, Thompson also posted about struggles with mental health and other personal issues on her Twitter account in recent weeks. She allegedly also hinted at hacking activities on a public Slack server she maintained, leading another user to reply “don’t go to jail plz,” according to court documents. On Twitter, she also appeared to allude to the possibility of being prosecuted for criminal hacking.
What that the only thing left to try is to go to jail for hacking and have a criminal record to prove that i know my shit to employers? I think so too
— ᗴᖇᖇᗩ丅Ꭵᑕ (@0xA3A97B6C) July 11, 2019
According to a report by security writer Brian Krebs, Thompson also alluded to “struggles with gender identity, lack of employment, and persistent suicidal thoughts” in her posts on Slack. The Slack server appears to have since been deleted.
Thompson was ordered held at least until a hearing on Thursday, prosecutors said. She could face up to five years in prison and a $250,000 fine for the present charge of computer fraud and abuse.
Recognize your brand’s excellence by applying to this year’s Brands That Matter Awards before the early-rate deadline, May 3.
