Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada.

The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account.

The FBI Arrested the Alleged Hacker

The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data.

Thompson appeared in U.S. District Court on Monday and was charged with computer fraud and abuse, which carries up to five years in prison and a $250,000 fine. A hearing has been scheduled for August 1, 2019.

According to court documents [PDF], Thompson allegedly exploited a misconfigured firewall on Capital One’s Amazon Web Services cloud server and unauthorizedly stole more than 700 folders of data stored on that server sometime in March.

Read more at The Hacker News