The woman accused of a massive hack that affected 106 million Capital One customers and more than 30 other companies has been indicted on two charges that could result in a 25-year prison term.
Paige A. Thompson, 33, aka “erratic,” is scheduled to be arraigned in U.S. District Court in Seattle on Sept. 5 on charges of wire fraud and computer fraud and abuse, according to the U.S. Attorney’s Office for the Western District of Washington.
She remains in custody.
Capital One said the data breach would cost the bank $100 million to $150 million — expenses tied to notifying customers, credit monitoring, technology and legal support — in 2019.
About 100 million U.S. customers were affected along with 6 million in Canada.
Thompson, according to the indictment, “created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers.” She allegedly used this access to steal data and to hijack computing power to mine cryptocurrency, aka “cryptojacking.”
In addition to Capital One, Thompson’s alleged victims included a telecom conglomerate outside the United States and a public research university. Investigators did not find evidence that she sold or distributed any of the information allegedly obtained via the data breach.
The FBI is handling the investigation.
ABC News’ Luke Barr and Alexander Mallin contributed to this report.