Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations.
Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach. While the Office declined to identify the other potential victims, Israeli security firm CyberInt believes they may include Vodafone, Ford, and Michigan State University.
There has been widespread speculation that Capital One was one of multiple targets based on recovered Slack messages from Thompson’s account, where she reportedly referred to several other companies being vulnerable to the same misconfiguration exploited in the Capital One attack.
“The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified,” said prosecutors.
The Capital One data breach compromised over 144,000 Social Security numbers and a million Canadian Social Insurance numbers from credit card applications. Thompson is currently facing five years in prison and $250,000, but both penalties may increase upon further investigation.