A federal grand jury indicted 33-year-old software engineer Paige Thompson, a former Amazon employee, for the crime. More than 100 million people were affected by the breach.
Capital One stored its data with Amazon’s cloud division, called Amazon Web Services, and Thompson accessed the data from there. Thompson’s indictment cites more than 30 victims, which includes Capital One. The indictment didn’t name the other companies.
Thompson is also accused of stealing computer power to mine cryptocurrency, which is a practice colloquially known as cryptojacking, the indictment said.
Thompson is in government custody and faces up to 25 years in prison if she is convicted. The theft of data was large, and 140,000 Social Security numbers and 80,000 bank account numbers were compromised. Thompson did not get names and addresses of customers, however.
UniCredit, in a memo to its staff, said that an internal investigation showed no evidence that a recent data breach at Capital One involved any of its own data.
UniCredit said it was launching its own investigation after its name came up in a screenshot published by Krebs On Security in which Thompson claimed to hack other companies.
A source briefed on the issue said that UniCredit doesn’t store customer data on any Amazon servers.
Among the companies listed by Krebs on Security in the screenshot are software company Apperian, Ford, Global Garner, Identiphy, UniCredit and Infoblox.
The website reached out to many of the companies, and it heard back from Infoblox.
“Infoblox is aware of the pending investigation of the Capital One hacking attack, and that Infoblox is among the companies referenced in the suspected hacker’s alleged online communications,” the company said. “Infoblox is continuing to investigate the matter, but at this time there is no indication that Infoblox was in any way involved with the reported Capital One breach. Additionally, there is no indication of an intrusion or data breach involving Infoblox causing any customer data to be exposed.”