Trending: Blue Origin gets set to send thousands of postcards to space and back on test flight
(Bigstock Photo)

The massive data breach that led to the stolen information of more than 100 million Capital One customers was just one of many related hacks.

That’s what prosecutors now allege in new court documents related to the case involving Paige Thompson, the former Amazon engineer and hacker who was arrested for the Capital One hack last month.

Thompson allegedly stole “multiple terabytes of data” from more than 30 more companies, schools, and other organizations. Thompson has told investigators that she did not sell or share the data, but prosecutors have yet to confirm this. “The government is continuing its investigation, which will take a significant amount of time and resources, given the immense amount of forensic evidence to review,” attorneys for the Western District of Washington wrote in a memorandum.

The documents uphold earlier speculation from security experts and researchers. Slack messages from Thompson mention several other organizations, and Israeli security firm CyberInt said that Vodafone, Ford, Michigan State University and the Ohio Department of Transportation were likely among those affected. The prosecutors did not name specific companies or organizations aside from Capital One.

“The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified,” the memorandum notes.

ZDNet first reported about the new court filing.

Working under the online persona “Erratic,” Thompson gained access to approximately 140,000 Social Security numbers and 80,000 bank account numbers through Capital One’s database.

The breach is expected to cost Capital One between $100 and $150 million in 2019 alone. The company’s stock has fallen around 10 percent since the hack was revealed, and it is also facing 40 lawsuits in the United States and eight in Canada, prosecutors said. One lawsuit filed last week against Capital One also names Amazon Web Services as a defendant, alleging that the Seattle tech giant knew about a vulnerability allegedly exploited by Thompson.

The prosecutors argued that Thompson should be detained while the case proceeds. “Thompson has a long history of threats to kill others, to kill herself, and to commit suicide by cop,” they wrote. “The threats are serious enough that they have resulted in multiple calls to law enforcement and restraining orders.” They allege that Thompson threatened to “shoot up” the office of a California technology company earlier this year.

When searching Thompson’s home, agents seized large amounts of weapons, ammunition, and explosive material belonging to Park Quan, Thompson’s roommate and a convicted felon who was also arrested on July 29.

Thompson is scheduled to appear for a detention hearing in court in Seattle on Thursday. You can read the full memorandum below.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Comments

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.