US sues hacker for data theft at Capital One bank

The US Department of Justice has charged the hacker who managed to steal information from 100 million Americans from the bank Capital One. The woman could be sentenced to a maximum of 25 years in prison.

Paige Thompson, 33, is suspected of breaking into the American bank Capital One. In doing so, she would have obtained ‘fragments of transaction data’, 140,000 social security numbers and 80,000 account numbers. According to the Justice Department, there is no indication that Thompson sold that data on.

Thompson is charged with computer intrusion and wire fraud. The latter is especially interesting. In the initial suspicion of the FBI, only computer intrusion was discussed. It carries only five years in prison. Now that fraud is added, the penalty may be increased fivefold.

Not everything is known about the nature of the hack. It appears that Thompson was able to access the bank information because it was on a poorly secured Amazon Web Services bucket. Thompson worked at Amazon for a short time and managed to circumvent that security if possible. The FBI launched an investigation because Thompson posted details about that poor security on GitHub before the hack. Thompson would also have used access to the bank servers for cryptojacking. It installs malware that mines cryptocurrencies using the computing power of the infected computer.