A 33-year-old woman who used to work for Amazon is the suspect in the massive Capital One hack — meet Paige Thompson

Drew Angerer/Getty Images

A woman accused of breaching the data of over 100 million Capital One customers was arrested on Monday after investigators found that online accounts linked to her had boasted about the hack.

She’s accused of stealing data from millions of customers, including Social Security numbers, linked bank accounts, and other personal information, Capital One disclosed on Monday.

The Justice Department charged Paige Thompson, 33, a software engineer in Seattle who formerly worked for Amazon, with one count of computer fraud and abuse.

Thompson could face up to five years in prison and a $US250,000 fine if convicted.

Read more:
How to find out if your data was stolen in the Capital One hack, and what you can do about it

Here’s everything we know about Paige Thompson, the suspect in the Capital One hack affecting 100 million people:

Paige Thompson is a 33-year-old software engineer known online by the alias “erratic.”

Wocintech/FlickrSoftware engineers. Neither is Thompson.

Source: Justice Department

A résumé appearing to belong to Thompson on GitLab says she attended Bellevue Community College in Washington in 2005 but left after a little more than a year to pursue a career opportunity.

Source: GitLab

Thompson was arrested on Monday in Seattle, where she lives. The résumé indicates that since leaving college she’s worked as a software and systems engineer at various companies in the Seattle area.

Source: Justice Department, GitLab

It appears that most recently Thompson worked as a systems engineer for Amazon’s cloud software business, Amazon Web Services, which Capital One uses. An Amazon representative told Bloomberg that she last worked there in 2016.

Elaine Thompson/APThe rooftop dog park at Amazon’s headquarters in Seattle.

A “firewall misconfiguration” left Capital One’s cloud servers vulnerable, and Thompson was able to access them, the complaint said.

The résumé indicates that she worked on Amazon’s cloud products when she was employed there, but the Amazon representative told Bloomberg the hack didn’t require insider knowledge.

Source: GitLab,Bloomberg

The criminal complaint says that after a user believed to be Thompson posted about the data breach on GitHub, a website for developers to share code, another user, identified by Capital One only as an “external security researcher,” saw it and tipped off Capital One.

Source: Justice Department criminal complaint, Business Insider

Further investigation by Capital One and the FBI found instances of accounts linked to Thompson boasting about the hack on Slack and Twitter.

The complaint said that a Twitter user with the alias “erratic” sent a direct message that said, “Ive basically strapped myself with a bomb vest, f—ing dropping capitol ones box and admitting it.”

Source: Justice Department criminal complaint, Business Insider

Thompson is charged with one count of computer fraud and abuse. If convicted, she could face a sentence of up to five years in prison and a $US250,000 fine.

Drew Angerer/Getty Images

Source: Business Insider

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.