Federal Prosecutors Accuse Capital One Hacker of Hitting Dozens More Targets -- Update

Date : 08/14/2019 @ 10:58PM
Source : Dow Jones News
Stock : Amazon com (AMZN)
Quote : 1792.57  16.45 (0.93%) @ 5:00AM

Federal Prosecutors Accuse Capital One Hacker of Hitting Dozens More Targets -- Update

Amazon com (NASDAQ:AMZN)
Historical Stock Chart

1 Month : From Jul 2019 to Aug 2019

Click Here for more Amazon com Charts.
By Robert McMillan 

The hacker charged with stealing millions of Capital One Financial Corp. records hit more than 30 other targets, federal prosecutors said, significantly expanding the scale of what was already considered one of the largest heists of data stored in the cloud.

The accused hacker, Paige A. Thompson, a former Amazon.com Inc. employee, was arrested on July 29, and charged with the theft of 106 million Capital One records in one of the largest-ever bank-data thefts. Ms. Thompson also stole multiple terabytes of data from more than 30 other companies, educational institutions and others, prosecutors said in a court filing Tuesday.

Ms. Thompson, who has remained in custody, is scheduled to appear at a bail hearing Aug. 22. Prosecutors, citing Ms. Thompson's past behavior, asked the court to deny bail out of concern she would "resort to threats, violence, or cybercrime." They said Ms. Thompson had a "long history" of threatening to kill others and herself. Prosecutors also said they consider Ms. Thompson a flight risk.

In online discussion forums, Ms. Thompson expressed frustration over her 2016 dismissal from Amazon, and subsequent inability to find employment. She claimed to earn money by installing crypto-mining software on some of the computer systems she accessed. According to security experts who have viewed her posts, Ms. Thompson displayed a high level of technical knowledge on the inner workings of Amazon's cloud.

Earlier this week, Ms. Thompson declined a request from The Wall Street Journal for an interview, relayed to her by prison officials. Her lawyer didn't immediately respond to a request for comment on the latest accusations.

Ms. Thompson allegedly exploited a common cloud configuration problem to access the Capital One data. The bank has taken responsibility for not adequately securing its systems, but the incident also has raised questions about whether Capital One's cloud computing provider, Amazon, could do more to protect its customers. Amazon, the world's largest cloud-computing company, has said that none of its services were the underlying cause of the break-in.

An Amazon spokesman on Wednesday said that the company is now running checks and alerting customers if they have the kind of firewall misconfiguration that Ms. Thompson allegedly exploited. "Other than Capital One, we haven't yet heard from customers about a significant loss," he said in an email.

Amazon is also considering additional changes that it can make to its cloud subsystems that will better protect its customers, the company said in a letter dated Wednesday and sent in response to questions about the breach raised last week by Sen. Ron Wyden (D., Ore.).

In a statement, Sen. Wyden said that while he appreciates the steps Amazon is taking to address these security issues, the company still needs to do more to protect its customers. "Without additional action, I fear we will continue to see repeats of the Capital One breach, with American consumers as the real victims," he said.

Ms. Thompson's alleged hack was discovered after she posted details about her hack online, leading a tipster to notify Capital One.

Prosecutors said they expect to add to the charges against Ms. Thompson for each additional entity hit. "Although not all of those intrusions involved the theft of personal identifying information, it appears likely that a number of the intrusions did," prosecutors said. The investigation into who exactly was targeted and what information was taken continues, they said.

The latest filings didn't say whether all of the affected companies are Amazon customers.

In online postings viewed by the Journal, Ms. Thompson suggested she had accessed data at several other entities, including Ford Motor Co., UniCredit SpA, Italy's largest bank, and Michigan State University. Ford said it wasn't affected. UniCredit and Michigan State University have said they were investigating the incident.

The impact of Ms. Thompson's crime, prosecutors said, "will be immense." Capital One has said the data breach will cost it as much as $150 million. A Capital One spokeswoman didn't immediately return messages seeking comment.

Prosecutors, in their latest court submission, also detail several of the run-ins Ms. Thompson had with law enforcement before her arrest last month. In March, police were called to her Seattle residence after Mr. Thompson allegedly tried to strike a roommate. Police again were called to the house two months later after Ms. Thompson allegedly had threatened to "shoot up" the office of an unnamed California technology company, prosecutors said.

Mike Colias and Sebastian Herrera contributed to this article.

Write to Robert McMillan at Robert.Mcmillan@wsj.com


(END) Dow Jones Newswires

August 14, 2019 17:43 ET (21:43 GMT)

Copyright (c) 2019 Dow Jones & Company, Inc.

Latest AMZN Messages

{{bbMessage.M_Alias}} {{bbMessage.MSG_Date}} {{bbMessage.HowLongAgo}} {{bbMessage.MSG_ID}} {{bbMessage.MSG_Subject}}

Loading Messages....

No posts yet, be the first! No {{symbol}} Message Board. Create One! See More Posts on {{symbol}} Message Board See More Message Board Posts

Your Recent History
Gulf Keyst..
FTSE 100
UK Sterlin..
Stocks you've viewed will appear in this box, letting you easily return to quotes you've seen previously.

Register now to create your own custom streaming stock watchlist.

NYSE, AMEX, and ASX quotes are delayed by at least 20 minutes.
All other quotes are delayed by at least 15 minutes unless otherwise stated.