A federal grand jury has summoned the suspected hacker who obtained personal information of more than 100 million people in the Capital One Financial Corp data breach on charges of wire fraud and computer data theft, the U.S. Department of Justice (DOJ) said on Wednesday.
The violation at Capital One between March and July was disclosed late last month and stemmed from Capital One’s decision to store information in Amazon’s cloud division, called Amazon Web Services (AWS), where a former employee named Paige Thompson managed to access the data.
Thompson’s indictment cited over 30 victims of information intrusion and theft, including Capital One, the DOJ said, adding that the case is being forwarded to a federal court in Seattle.
The DOJ did not specify other institutions whose information was stolen by Thompson, but it said that some of the victims included a state agency near Washington, a public research university outside Washington and a telecom conglomerate outside the U.S.
Thompson not only breached private information, but also used stolen computer power to mine cryptocurrency for her own benefit, an action known as “cryptojacking,” according to the indictment.
The software engineer made her first appearance in a federal court in July. She’s held in custody and her charges in the indictment carry penalties of up to 25 years in prison, according to the statement.
The data breach at Capital One resulted in the revelation of names and addresses of consumers, the company said last month. The hacker did not gain access to credit cards, but around 140,000 Social Security numbers and 80,000 linked bank account numbers were affected.