Paige Thompson, the accused Capital One hacker, stole data from more than 30 other companies, educational institutions and others, according to federal prosecutors.
Thompson is already charged with computer fraud and abuse after authorities said she stole personal data on 106 million people from Capital One in one of the largest bank data breaches ever. Now, prosecutors said she could face more charges for each additional data theft, which they’re still investigating.
Authorities found the stolen Capital One data on a server in Thompson’s bedroom, according to prosecutors. The data included about 120,000 unencrypted Social Security numbers and 77,000 unencrypted bank account numbers. Prosecutors said the search also turned up multiple terabytes of data stolen from other victims.
“The evidence that Thompson committed this crime is overwhelming,” prosecutors wrote in a court filing.
Thompson is a Seattle area software engineer who worked short stints at a number of tech jobs after dropping out of college in 2006, including one at Amazon Web Services from 2015 to 2016. Amazon has said no insider knowledge or access was required for the Capital One intrusion. She went by the name “erratic” on social media and online chats.
In a court filing this week, prosecutors asked a judge to keep Thompson detained pending her trial, saying she has a long history of threatening violence and could “pose a technological danger” by committing cyber intrusions if released.
Thompson admitted to committing the intrusion and told investigators that she never shared the stolen data with anyone, but authorities haven’t confirmed that part yet, according to the court filing.
Prosecutors said the newly-discovered data breaches didn’t appear to all involve personal information, but some did. The government will notify additional victims as investigators identify them.
Thompson’s online postings suggested other victims could include Ford Motor Co., UniCredit SpA and Michigan State University, The Wall Street Journal reported. Ford told the newspaper it was affected, while UniCredit and Michigan State said they were investigating.