The hacker involved in the Capital One data breach may have broken into more than 30 other companies, according to a fresh petition filed by federal prosecutors on August 13.
The filing didn’t disclose the companies targeted by the cyber-thief, but said “the server seized from [alleged hacker Paige] Thompson’s bedroom during the search of Thompson’s residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities.”
While it appears not every single intrusion involved personally identifiable information, the prosecutors added the the government is working to identify the victims, and the type of data stolen from each entity.
The paperwork also seeks to keep the accused hacker detained until her trial and cited her “long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop.”
Outside of the evidence pertaining to the hack, the prosecutors said they found an arsenal of weapons, ammunition, and explosive material at the apartment Thompson shared with a convicted felon, thereby deeming her a flight and security risk.
Thompson, a 33-year-old software engineer from Seattle, was arrested last month after she left an online trail linking her to the massive theft of personal information of over 100 million customers.
Authorities said Thompson used the alias “erratic” and “0xA3A97B6C” in her online communications, posted the stolen data online on software repository platform GitHub, and made statements on social media evidencing the fact that she has information on Capital One. She has since been charged with computer fraud and abuse.
Thompson is believed to have not shared or profited from any of the data she stole from Capital One and the other companies.
The breach is expected to cost Capital One between $100 million and $150 million in 2019 alone. The company is also facing 40 lawsuits in the US and eight in Canada, with Amazon Web Services and GitHub listed as defendants in some cases for facilitating the crime.