An ex-Amazon employee who hacked Capital One consumer data might also have breached information from Ford, British telecommunications provider Vodafone, and the IT company Infoblox along with Michigan State University and the Ohio Department of Transportation.
Paige Thompson, a former Amazon Web Services employee, was recently arrested for hacking into Capital One’s customer information stored in the cloud hosted by Amazon. Thompson exposed personal information, such as names, addresses, account numbers, and Social Security numbers, of more than 100 million Capital One customers.
Thompson was allegedly able to take advantage of a misconfigured web application firewall to breach the information.
In court filings, the FBI stated Thompson, who went under the username “erratic”, posted messages on the Slack channel that contained caches of hacked files. Capital One files were included in the messages along with hacked files that appear to be from Ford, Vodafone, Infoblox, MSU, and the Ohio Department of Transportation.
The FBI is currently investigating if the data breach extends to the companies and organizations mentioned in the Slack messages. Thompson could face additional charges if her hacking efforts went beyond the Capital One files. She currently faces five years in prison and a fine of up to $250,000 for the Capital One data breach.