REUTERS/ Brendan McDermid
- A massive data breach at Capital One exposed the personal information of 106 million customers.
- It looks like Capital One may just be the first of several potential data breaches all attributed to the same person.
- A 33-year-old named Paige Thompson was arrested on Monday in connection with the data breach. Thompson was charged with a single count of computer fraud and abuse, which carries a sentence of up to five years in prison and a $250,000 fine.
- Visit Business Insider’s homepage for more stories.
On Monday, Capital One revealed that a major data breach affecting 106 million US and Canadian customers occurred earlier this year. The data lost includes names, addresses, birthdates, Social Security and bank account numbers, and more.
As it turns out, Capital One could be the first of several companies affected by the same breach.
Companies such as Ford and Vodafone, as well as Michigan State University and the Ohio Department of Transportation, may have also been impacted by the same data breach, reports TechCrunch citing Israeli cybersecurity firm CyberInt. Reports from Forbes and security researcher Brian Krebs also suggested that the hack may have affected others besides Capital One.
Ford said in a comment to Business Insider that it’s investigating the situation to determine whether Ford’s information was involved. The Ohio Department of Transportation is currently working with the FBI, but could not confirm if any data was accessed, a spokesperson said via email.
"We take security very seriously," a Vodafone representative told Business Insider. "Vodafone is not aware of any information that relates to the Capital One security breach."
Michigan State University is "aware that our university was listed on a chat site by the hacker accused of breaching Capital One" and is "cooperating with all law enforcement who are investigating the crime," an MSU spokesperson said. "To our knowledge, we have not been compromised," said the spokesperson, who added that the university is continuing to monitor the situation.
On Monday, it was revealed that Capital One was hit with a data breach impacting 100 million customers and applicants in the United States and six million in Canada. No credit card numbers or login credentials were compromised, but names, addresses, dates of birth, phone numbers, 140,000 Social Security numbers, and 80,000 bank account numbers were compromised.
Paige Thompson, a 33-year-old software engineer and former Amazon employee, was charged with one count of computer fraud and abuse in connection to the data breach. Thompson was arrested on Monday in an FBI raid on her Seattle home.
Krebs, who joined the Slack channel in which Thompson posted about the data she is believed to have stolen, published a screenshot reportedly showing the databases she accessed by hacking into Amazon’s cloud service. Ford is one of several companies named in that list. The referenced file only contained publicly available data from the Ohio Department of Transportation, and no personal information was stored there, the spokesperson also said.
A user that is believed to have been Thompson mentioned the data breach in a post on the code-sharing website GitHub, which prompted a tipster to contact Capital One. The company has yet to alert customers who are impacted in the data breach.
- See the raid where the 33-year-old woman accused of hacking Capital One was apprehended by camouflaged, armed FBI agents
- How to find out if your data was stolen in the Capital One hack, and what you can do about it
- The woman charged with stealing 100 million people’s data clued in the FBI with bizarre boasts on Twitter, GitHub, and Slack