PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Capital One Hacker Accused of Targeting 30 Other Companies

Servers seized from Paige Thompson's home indicate that she also stole data from 30 other companies and organizations, according to federal prosecutors. Whether the data is sensitive is still being determined.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Federal prosecutors are investigating whether the alleged Capital One hacker, Paige Thompson, also stole data from more than 30 other companies and organizations, according to a new court filing.

The feds point to servers seized from Thompson's home when investigators arrested the 33-year-old Seattle native last month. The servers "include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions and other entities," prosecutors said in the court filing.

Federal investigators are still examining whether the data from the other victims holds any sensitive information. "For example, much of the data appears not to be data containing personal identifying information," the prosecutors said. Nevertheless, the US is preparing to charge Thompson with additional crimes based on the data found on the seized server.

"Although not all of those intrusions involved the theft of personal identifying information, it appears likely that a number of the intrusions did," prosecutors added.

Thompson, a former Amazon Web Services engineer, was arrested last month on charges she exploited a vulnerability in Capital One's databases to steal credit card application documents from 106 million people, most of them in the US. In a Slack channel she used prior to her arrest, Thompson indicated she had also hacked several additional organizations, including Ford, Vodafone, Infoblox, and the Ohio Department of Transportation.

The court filing refrains from naming the other companies and groups Thompson allegedly collected data from. However, the Ohio Department of Transportation told PCMag it appears Thompson pulled only public data from its servers. VodaFone and Infoblox say they've found no indications that they were breached.

Recommended by Our Editors

Wikipedia Editors Could Strike Following Layoffs
Wikipedia Editors Could Strike Following Layoffs
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets

According to Tuesday's court filing, Thompson claims she never sold or shared the data she allegedly stole from Capital One and the other companies. So far, federal agents have uncovered no evidence to suggest she's lying, but they continue to investigate.

In the court filing, the prosecutors called for Thompson's detention on fears she could commit additional cyber intrusions or attempt to flee the country. The prosecutors also cited Thompson's "long history" of threatening to kill others and to commit "suicide by cop."

Thompson is scheduled to appear in court for her detention hearing on Thursday.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio