Woman accused of Capital One hack had stolen data from 30 companies, authorities say

How will this affect vetting procedures? You’d want to know who had access to your data, and any previous shenanigans they’d been up to, but it’s extremely difficult to check, especially if they are a third party…:

In a petition filed on August 13 in federal court in Seattle, the Justice Department asserted that Paige Thompson—the former Amazon employee accused of stealing data from Capital One credit card applications—had done far more, including “major cyber intrusions that resulted in the theft of massive amounts of data from what now appears to be more than 30 victim companies.” US Attorney for Western Washington Brian Moran’s filing was for a motion to keep Thompson imprisoned until trial because she is a flight risk and “has a long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop.”

Aside from Capital One, the victim organizations have not been named by Justice officials, but the filing stated that they included “other companies, educational institutions, and other entities.” The data from these sources reviewed thus far appears largely to not include personal information.

“At this point, however, the government is continuing to work to identify specific entities from which data was stolen, as well as the type of data stolen from each entity,” Moran wrote in his filing. “The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified.”

[…]

Original article here