Feds: Capital One Hacker Stole Data From More Than 30 Other Firms

U.S. prosecutors allege that former Amazon Web Services employee Paige Thompson also stole multiple terabytes of data from more than 30 other companies, educational institutions, and entities.

The women charged with accessing the personal information of 106 million Capital One users also stole data from more than 30 other companies, according to federal prosecutors.

U.S. Attorney for the Western District of Washington Brian Moran alleged that former Amazon Web Services employee Paige Thompson stole multiple terabytes of data from a variety of companies, educational institutions, and other entities. Federal attorneys disclosed this information Tuesday as part of a motion calling for Thompson to be detained until the criminal matter is resolved.

"Thompson’s crime in this case – major cyber intrusions that resulted in the theft of massive amounts of data from what now appears to be more than 30 victim companies – only exacerbates the harm that Thompson has done, and the threat she would pose if released," Moran said in the 13-page memorandum.

[Related: 10 Things To Know About The Ex-AWS Worker Who Allegedly Hacked Capital One]

Thompson’s lawyer, Christopher Sanders, didn’t immediately respond to a request for comment.

Evidence recovered from Thompson's residence following the execution of a July 29 search warrant suggested that she intruded into servers operated, rented, or contracted by over 30 companies, educational institutions, and other entities, prosecutors allege. Although not all the intrusions involved the theft of personal identifying information, prosecutors believe that a number of the intrusions did.

That data allegedly stolen by Thompson varies significantly in both type and amount, prosecutors said. The government said it's currently working to identify specific entities from which data was stolen, as well as the type of data stolen from each entity. None of the other companies Thompson allegedly breached were named in the government's motion.

As the other victims are identified and notified, the government said it expects to add an additional charge against Thompson based upon each such theft of data. Many of the other victims of Thompson’s intrusions and thefts will also presumably incur substantial costs, according to prosecutors.

Thompson reportedly told federal authorities that she neither sold, nor otherwise shared or disseminated any data that she stole from Capital One or any other victim. Additionally, prosecutors said Thompson told them that the copy of the data that they recovered during the search of Thompson’s residence is the only copy of the stolen data that she created.

To date, the government said it hasn't uncovered any evidence that would suggest Thompson’s statement is untrue. However, prosecutors said the investigation is continuing and is expected to take a significant amount of time and resources, given the immense amount of forensic evidence to review.

"Even if she does not have another copy, Thompson’s technical sophistication means that she could commit additional cyber intrusions, thereby likely causing additional hundreds of millions of dollars of damage," Moran said in the memorandum.

Prosecutors also claim that Thompson has a long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop. Her threats have resulted in multiple calls to law enforcement, as well as the entry of protection orders against Thompson, prosecutors said.

In addition, federal agents said they observed an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible, in the bedroom of Thompson’s roommate, Park Quan. Since Quan is a convicted felon, and not allowed to possess firearms, the government said agents obtained a follow-on search warrant to seize firearms and related items.