As for the Capital One breach, an article in today’s New York Times sheds light on the 33-year-old software coder who loved her cat and was prone to sharing personal information on her social media, often to the point of “oversharing.” Paige Thompson did not have the notoriety of Alberto Gonzalez (Gonzalez was the mastermind behind the TJX fraud, who stole 40 million records from TJMaxx). Paige Thompson lives in Seattle and, aside from her current job, ran a coding club named Seattle Warez Kiddies, a Meetup group.
Her user name, “Erratic” should have been a giveaway.
Thompson did not run, nor did she hide. The NYT says this cat-lover left a trail of breadcrumbs.
- The tweets, initially seen by a small number of followers, offered a public but limited glimpse into Ms. Thompson’s mind-set at the time the authorities arrived at her door on Monday and seized her digital devices.
- Federal prosecutors say the data breach included 140,000 Social Security numbers and 80,000 bank account numbers, culled from tens of millions of credit card applications.
- And a tipster provided the government with private messages on Twitter in which Ms. Thompson said she had “basically strapped myself with a bomb vest,” while mentioning Capital One, indicating she intended to distribute the data and knew the consequences.
Interesting story, but we’re not talking about a rocket scientist from Stanford or MIT.
- Since dropping out of Bellevue Community College in Washington State in 2006, Ms. Thompson has had a series of software engineering jobs, including at Amazon Web Services in 2015 and 2016, according to her résumé.
- She listed herself as the current owner of Netcrave Communications, a hosting company.
But as her world comes crumbling down, the suspect says:
- “I have a whole list of things that will ensure my involuntary confinement from the world,” she wrote. “The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”
The NYT did not dignify the suspect by posting her picture, but Krebs on Security did.
Capital One, the victim, posted this statement on their site, along with a personal quote by CEO Richard Fairbank. Here’s the fortunate news: “Importantly, no credit card account numbers or log-in credentials were compromised, and over 99 percent of Social Security numbers were not compromised.”
But here’s the bad news: If you were not impacted by the Equifax breach, you might have made this list.
Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group
