Capital One was notified by a concerned citizen that they might have been hacked after Thompson bragged about her accomplishment on Slack, Github and Twitter -admitting that she had Capital One’s data and was interested in selling it. Thompson did little to hide her identity – posting her full name to her Github account and using her online alias “erratic” in Meetup and Chatrooms that the FBI was able to trace back to her. In fact, she knew that she had made a mistake taking to her Twitter account to tweet, “Ive basically strapped myself with a bomb vest, f***ing dropping capital ones dox and admitting it.” She later admits; "I wanna distribute those buckets i think first." She stated on Slack, “"I wanna get it off my server that's why Im archiving all of it lol.” If convicted Thompson faces five years in jail and a $250 thousand fine.
It takes months- even years for some organizations to uncover a breach but due to Thompson’s failure to cover her tracks- Capital One was able to discover their data breach earlier than usual thanks to a tip. ““Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual,” Capital One CEO Richard D. Fairbank said. He went on to apologize to the millions of people who were affected saying, “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” He added that the loophole Thompson used to access the data has been fixed - ensuring that another data breach was unlikely.
Capital One is just one of many Fortune 500 companies that have recently been breached - joining the ranks of Yahoo, Experian and Marriott in recent years. Attempting to minimize the damage Capital One said in an official statement that no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised. They also wrote that those affected by the breach would be notified through a variety of channels.
If you have opened any account with Capital One since 2015 it’s important that you take the necessary precautions to ensure that your information is protected. Experts advise that customers immediately freeze their credit and check their accounts for any fraudulent activities for the next few months.