Cyber Threat Actor: Paige Thompson
| Actor Type | Location | Known Incidents |
Sensationalist
|
United States of America
|
1 incident |
|---|
Profile
Paige Thompson,also known by the alias Paige Thompson, is an individual located in the United States of America who gained public attention for a cyber intrusion against Capital One Financial Corporation. The breach was discovered on July 19, 2019, and subsequently disclosed by the company on July 29, 2019. According to the disclosed information, the actor accessed data belonging to approximately one hundred million individuals in the United States and six million in Canada. The compromised data included names, addresses, zip or postal codes, phone numbers, email addresses, dates of birth, and self‑reported income collected during credit‑card application processes. In addition, the actor obtained portions of credit‑card customer data such as credit scores, credit limits, balances, payment histories, and fragments of transaction records spanning twenty‑three days from 2016 through 2018. The intrusion also exposed about one hundred forty thousand United States Social Security numbers, eighty thousand linked bank account numbers, and one million Canadian social insurance numbers. Capital One reported that the intrusion resulted from the exploitation of a configuration vulnerability that was promptly remediated after detection. The individual responsible was arrested and taken into custody shortly after the vulnerability was fixed.
The actor’s approach, according to the public disclosures, involved exploiting a configuration vulnerability in the target’s environment; no malware families, exploit kits, or specific tools were mentioned in the reporting. The information taken included names, addresses, contact details, birth dates, self‑reported income, credit scores, limits, balances, payment histories, transaction fragments, Social Security numbers, bank account numbers, and social insurance numbers. Capital One stated that, based on its analysis to date, it considered it unlikely that the data had been used for fraud or further disseminated by the actor, while noting that investigations continued. The individual was apprehended shortly after the vulnerability was patched and remains in custody. No public sources have linked the actor to a state sponsor, criminal organization, or larger threat‑actor group; the actor is identified solely as an individual residing in the United States. The Capital One breach represents the only publicly documented operation attributed to Paige Thompson and serves as the primary example of the actor’s activity.
