Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Bloomberg
Bloomberg
Business
Christian Berthelsen, Spencer Soper and Bob Van Voris

Alleged Capital One Hacker Struggled With Jobs, Personal Life

She spent her days holed up in a lavender-painted bedroom, playing the video game Counter-Strike and pounding out posts that were variously boastful or tortured on different social-media channels.

Before being charged with a massive hack of Capital One Financial Corporation’s computer network, Paige Thompson, 33, lived with three roommates in a run-down house in the Beacon Hill neighborhood of south Seattle. Her roommates said they met at a support group for transgender people; Thompson identified herself as a transgender woman on Twitter.

They described Thompson as a brilliant introvert, an Arkansas native who came west with her mother as a child and decided to stay even after her family went home. She began identifying as a woman about a decade ago, said the roommates, who requested anonymity for fear of retaliation by law enforcement.

Thompson was charged Monday with computer fraud and abuse, accused by federal prosecutors of illegally accessing personal and financial information of about 100 million people in the U.S. and 6 million more in Canada. Most of the information was gleaned from applications for Capital One credit cards and includes names, addresses, dates of birth and roughly 140,000 Social Security numbers.

Her bail hearing is scheduled for Thursday. Her lawyer, Christopher Sanders, a federal public defender, didn’t reply to an emailed request for comment.

Capital One said it’s unlikely that the stolen information was used for fraud or dispersed to other individuals.

‘Enormous Shock’

Since her arrest, the information that has emerged about Thompson’s life, both online and in interviews, is of a computer engineer steeped in technical know-how but struggling to find stability in her professional and personal life. She jumped from job to job and the last one listed on her resume, a systems engineer at Amazon.com, ended almost three years ago.

“Pretty much the whole time it seemed like she had a lot going on personally and just a lot of things that were interrupting her ability to work,” said Jamie Kahler, who ran a team about four years ago that included Thompson at ATGStores.com, an online home-furnishing site. Nonetheless, he said Thompson’s arrest was an “enormous shock.”

“I never got the impression that she was that type,” Kahler said. “We didn’t have any problems with her breaching the security at our company.”

Thompson’s social media postings show her struggling with life’s challenges. On Twitter, where she gave herself the handle “erratic,” she agonized over having to euthanize her sick cat, Millie, criticized her own looks and bemoaned her lack of dating options.

On a Slack channel Thompson created for her business Netcrave, she wrote on June 26 that she told her counselor she “regretted transitioning fully. And that I felt stuck with the decision I made. And wished I knew what my options were as far as detransitioning.”

Hacking Prowess

Thompson posted about writing code, and hacking, appearing at one point to express a desire to be punished for her actions.

“The answer doesn’t really account for all the hacks, ddosing, people I’ve harassed, because it (obscenity) pisses me off, it pisses me off even more that I’m not in jail because of it, which is stupid but I mean come on, WTF,” she wrote.

Thompson was the organizer of a Meetup group called Seattle Warez Kiddies, billed as a forum for people with all manner of cyber interests, including hacking. As of Tuesday the page had been taken down from the Meetup web site.

She dropped hints along the way about her alleged crime.

On June 29, she posted an article to Twitter about companies whose data was exposed by “leaky” Amazon technology. Three months earlier, Thompson had allegedly accessed the Capital One cardholder data, which was hosted on Amazon’s cloud computing network.

Earlier that month, she wrote a Twitter message that read, “I’ve basically strapped myself with a bomb vest, (obscenity) dropping capitol ones dox and admitting it,” according to federal prosecutors.

Armed Agents

Ultimately, a security researcher alerted Capital One to leaked data on an account at GitHub, a network that allows software developers to manage and store projects. The bank’s investigators traced the account to Thompson.

It wasn’t difficult: her name was on the account, according to prosecutors.

On July 23, Thompson grieved the final hours of her cat’s life and wrote, “I’m mentally exhausted.”

Six days later, more than a dozen heavily armed agents in camouflage and helmets assembled on the doorstep of the house in the early morning hours. Thompson and her roommates were woken up by shouts: “FBI, open up!”

--With assistance from William Turton and Nico Grant.

To contact the reporters on this story: Christian Berthelsen in New York at cberthelsen1@bloomberg.net;Spencer Soper in Seattle at ssoper@bloomberg.net;Bob Van Voris in federal court in Manhattan at rvanvoris@bloomberg.net

To contact the editors responsible for this story: Andrew Martin at amartin146@bloomberg.net, Joe Schneider

©2019 Bloomberg L.P.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.