Software engineer Paige Thompson is accused of carrying out the hack. Photo / Twitter
Over months of discussions in online forums earlier this year, Paige Thompson acknowledged the personal challenges in her life: suicidal thoughts, struggles to find employment and difficulties she had faced since transitioning to a woman years before.
But those who knew her were nonetheless stunned by what came next: thearrest of Thompson on Monday on charges that she had stolen the personal data of more than 100 million Capital One customers.
Thompson, 33, had spent years lurching between a promising career as a software developer and a life of upheaval that alienated her from her friends. While she at times found community among fellow computer engineers, she on other occasions grew confrontational with them.
"It was just a lifelong thing for her," said Sarah Stensberg, a former friend. "When she gets in these phases of intensity, she does really stupid things. She'll push everyone away. She'll write threatening emails. She'll post things online about the things she's doing."
That is in part how federal investigators tracked Thompson, who went by the online persona "erratic." Prosecutors described how she seemed to boast about the data theft to those in her online community.
"I've basically strapped myself with a bomb vest," she wrote in a Slack post, according to prosecutors.
Thompson was arrested Monday on charges of computer fraud and abuse. Capital One said the intrusion affected about 100 million people in the United States and Canada. The intrusion compromised about 140,000 Social Security numbers and about 80,000 bank account numbers, Capital One said, along with about 1 million Social Insurance numbers of Canadian customers.
An attorney for Thompson did not return a call seeking comment.
Stensberg said her husband and Thompson knew each other as teenagers as part of a computer programming group in the Seattle area. Thompson had grown up in a troubled home, at one point moving out to live with another software developer, Stensberg said.
Not even 20 years old in 2005, Thompson had left Bellevue Community College to begin working a series of software development jobs, according to her résumé. But Stensberg, who said she met Thompson around 2010, recalled her disruptive behavior as immediately apparent.
At one point, Stensberg said, she and her husband took Thompson to the hospital to get her into an inpatient treatment facility. Later, after having continued issues, Stensberg said, she and her husband attempted to cut ties with Thompson.
"He always said she had a lot of potential to be very focused and do a lot in this world," Stensberg said.
Despite the troubles, Thompson's technical know-how helped her land a job at Amazon Web Services in 2015, according to her résumé. She stayed there for a little more than a year.
Amazon Web Services hosts the Capital One database that was breached, part of the company's broader line of business that involves remote data servers that companies use to store information. Large enterprises such as Capital One typically build their own web applications on top of Amazon's cloud architecture.
FBI officials said in court documents that Thompson had managed to gain access to the Capital One data through a "misconfiguration" of a firewall on a web application, allowing her to communicate with the server where the information was stored.
In search warrant records, federal investigators in Thompson's case reported that they had seized numerous devices from her and found items referring to both Capital One and Amazon, along with "other entities that may have been the targets of attempted or actual network intrusions."
After Thompson departed Amazon, Stensberg said, they continued to face problems with her. That ultimately led them to file for a protective order, with Stensberg and her husband both describing Thompson as engaging in stalking and harassment, including messages that included their home address.
Aife Dunne, an online friend, began getting to know Thompson around the same time and remembered Thompson discussing in their initial conversation whether to take her life.
Thompson, a collector of vintage electronics, talked about how she hadn't been employed in many months.
Her résumé, which she would share in online forums to seek improvements, was extensive. She listed extensive skills in programming languages, scripts, networking and Amazon Web Services. Dunne said she was competent or even advanced in her developer skills. Thompson ran a group on Meetup called Seattle Warez Kiddies, a small collective of programmers and hackers.
Dunne said there were still times in recent months when Thompson would sink into dark phases and have little support outside of her online communities.
"You wish there was someone in her life that she had someone to talk to," Dunne said.
Capital One has said it believes the intrusion occurred in March of this year, and federal prosecutors say a GitHub user alerted Capital One to the possible intrusion on July 17.
In recent days, Thompson wrote on her Twitter page about having a therapist appointment and about her dying cat. And she made reference to something momentous that was going to result in her losing her freedom.
"After this is over I'm going to go check into the mental hospital for an indefinite amount of time," she wrote on Twitter. "I have a whole list of things that will ensure my involuntary confinement from the world. The kind that they can't ignore or brush off onto the crisis clinic. I'm never coming back"