A federal indictment alleges that the hacker who breached Capital One’s customer data did so as part of a broader attack that impacted more than 30 other businesses, government agencies, and schools.
In addition to harvesting the personal data of more than 106 million Capital One customers, the indictment says the hacker used the compromised cloud servers to mine cryptocurrency.
The indictment, filed on Wednesday in Washington State, are the first formal charges against the alleged hacker, Paige Thompson. She was arrested on July 29 based on allegations of data theft, but the charges of illicit cryptocurrency mining are new.
Yesterday’s indictment does not name the victims, but security researchers have found evidence that they may have included the Ohio Department of Transportation, Vodafone, and Michigan State University. Those would match the indictment’s description of a U.S. state agency, a foreign telecommunications conglomerate, and a U.S. public research university. The three organizations have said they are…