On Monday, Paige Thompson, known online as “erratic,” was arrested and charged with hacking into Virginia-based bank Capital One and stealing and exposing the personal information of around 100 million Americans and another 6 million Canadians. According to Capital One, there is no evidence this data has been accessed by identity thieves, but the company is offering credit monitoring for anyone who may have been impacted.
Thompson, who formerly worked for Amazon Web Services, didn’t exactly do a good job of hiding her tracks: She posted the leaked data on GitHub. Someone saw this and informed Capital One, the bank then conducted an international investigation and brought in the FBI, and the FBI pretty quickly pinned the crime onto Thompson. Her full name was listed in the stolen file, and the GitHub page where she’d posted it also had a copy of her resume. It also didn’t hurt that she posted photos of herself under her alias and bragged about the hack on various platforms, including Twitter and Slack.
“I’ve basically strapped myself with a bomb vest,” Thompson wrote in a direct message on Twitter, according to the criminal complaint. “Fucking dropping capitol ones dox and admitting it.”
It makes you wonder, was she trying get caught? It seems highly unusual for a hacker to go through so little effort to hide their tracks. Seems like if you can steal that much data, you could at least take basic precautions not to get caught. I’m also curious about what would motivate someone to expose the personal information of 106 million people in the first place. Was it ideological or just for fun? Capital One is a bank, and banks are run by bankers, and bankers are capitalists, and capitalists are bad, but the 106 million people Thompson served up to potential identity thefts don’t run the banks. Besides, how many anti-capitalists work for Amazon? Or maybe it was more simple than that. Maybe she just saw an opening and took it.
Whatever the motivation, this demonstrates, once again, that all it takes to disrupt industries and financial systems is a hacker with some free time.
The story gets even stranger: When the FBI raided Thompson’s home in Beacon Hill on Monday, along with evidence of the hack, they recovered a cache of guns that apparently belonged Thompson’s 66-year-old housemate Park Quan, who is prohibited from possessing firearms do to prior convictions. Quan, who also had illegal bump stocks, was also arrested and is now facing 10 years in prison.
As for Thompson, her bail hearing is on Thursday. She faces a $250,000 fine and up to 5 years in prison.
