Transgender Hacker Arrested For Stealing Data From 100 Million Capital One Customers In Mass Hack

transgender hackerA Seattle-based transgender hacker named Paige Thompson has been arrested for hacking Capital One bank’s systems to steal data it stored on Amazon’s Web Services cloud. Thompson is a former Amazon systems engineer.

Thompson had planned to steal the addresses, phone numbers and names of 100 million people in the United States. 

The transgender woman accessed the social security numbers on 140,000 people. She was able to get credit card numbers on 80,000 additional people.

Thompson allegedly pulled it off between March and July of this year. She broke into the bank’s servers through a misconfiguration in its firewall. 

Amazon’s Web Services cloud was storing the data. However, Amazon insists it is not to blame for the hack. Amazon claims she exploited Capital One’s systems to access it.  Capital One admitted that it was a fault in its infrastructure. 

Thompson left authorities a trail of breadcrumbs after stealing the data. She began bragging about it online. She bragged so much that other hackers warned her to be quiet about it because she was facing jail.  

Another hacker reported Thompson’s online boasting to Capital One on July 17. The rat hacker saw Thompson’s boasts on a website called GitHub. As a result, he alerted the bank to it in an email.  

The Motives Of The Transgender Hacker Motives Remain Unclear

Thompson’s motives remain unclear. The bank said in a statement that it does not believe the hacker’s intention was to steal people’s money. 

FBI agents found she had also tried to target other entities but they did not state what they were. 

Capital One and the FBI announced the hack on Monday. However, they state that no one’s money was taken: 

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. 

The FBI also states Thompson posted information she gleaned from the hack onto the GitHub web site. 

Thompson is also alleged to have posted messages on social media admitting to the hacks while knowing that what she was doing was illegal.

Furthermore, Thompson made her identity known by failing to properly encrypt her IP address which left her full name in it.   

Transgender Hacker Has Potential Mental Issues

transgender hackerThompson posted about her desire to commit suicide on social media. She also bemoaned about her boyfriend being deported to Greece.

The FBI says that it also found a Meetup page used by Thompson which contains a link inviting others to a Slack chat.

The transgender hacker went by the alias ‘erratic,’ 

She admitted to others that she hacked the data and was looking for an online location to store it.

FBI investigators also tracked down a Twitter account alleged to be that of Thompson.

The arrest affidavit also contains a screenshot of a Twitter chat by ‘erratic’:

I’ve basically strapped myself with a bomb vest, f*****g dropping capital ones dox and admitting it…I wanna distribute those buckets i think first.

Thompson’s Twitter account reveals a troubled woman who speaks of her desire to undergo doctor-assisted suicide in Denmark.

Other Twitter posts included images of her and her cat, which she says needed to be euthanized by the vet. 

She also claimed in a tweet that she is illegally in the United States. She claims she wants the government to deport her back to her native home on the Pacific island of Tuvalu

In one Twitter post, she tagged the Seattle Police Department and President Trump, writing:

I would like to make good on the deportation initiative and surrender myself to detainment and deportation. I am in this country illegally, I just want to get this over with. What should I do? I am unable to physically relocate back to where I came from, is there a line to get in perhaps I could catch a flight out with some other folks who are going back?’  

Transgender Hacker Is 2nd Person To Hack Capital One In 2 Years

This is also the second hack for Capital One in two years. 

In July 2017, Capital One sent letters to an unspecified number of customers informing them that their data may have been compromised by one of the company’s employees. 

Capital One said in the letter that it had fired the employee and notified law enforcement. 

The lender is not the only company that has had to deal with lapses in data protection and customer privacy.

Write A Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ready to get started?

Speak to a specialist at (888) 737-6344