On Monday, FBI and the bank Capital One revealed a data breach of 106 million credit card applications that included data like names, addresses, telephone numbers, and dates of birth, alongside 140,000 Social Security numbers, 80,000 bank account numbers, and some transaction information.
It is perhaps the biggest breaches of a major financial institution ever.
The alleged hacker, Paige A. Thompson, a resident of Seattle, was arrested on Monday on charges of computer fraud and abuse after reportedly boasting about the breach online.
Thompson, 33, went by the hacker name “erratic” in many online forums. She allegedly exploited a misconfigured firewall to access a Capital One cloud repository and exfiltrate data sometime in March. On April 21, the FBI says, Thompson posted the data to her GitHub account, which included her full name and resume.
“Capital One quickly alerted law enforcement to the data theft—allowing the FBI to trace the intrusion. I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it,” said US attorney Brian Moran.
A hearing has been scheduled for 1 August. Ms Thompson faces a maximum sentence of five years in prison and a $250,000 fine.