On Monday, the FBI and the bank Capital One disclosed a data breach of 106 million credit card applications that compromised information like names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, and some credit scores and transaction data. It's one of the biggest breaches of a major financial institution ever. Four months after the incident occurred, within just 10 days of Capital One discovering it, the FBI has already made an arrest in connection with the crime.

Seattle resident Paige A. Thompson, 33, was charged Monday with one count of computer fraud and abuse, according to the FBI and court records. Thompson, the criminal complaint alleges, went by the hacker name "erratic" in many online accounts and forums. She allegedly exploited a misconfigured firewall to access a Capital One cloud repository and exfiltrate data sometime in March. On April 21, the FBI says, Thompson posted the data to her GitHub account, which included her full name and résumé. It is unclear whether anyone downloaded the data after she allegedly posted it, but they very well may have given that Thompson allegedly talked openly about stealing the data, even on Slack.

At least one person appears to have stumbled across the trove. On July 17, court documents say, an unidentified tipster informed Capital One of its existence by emailing the bank's responsible disclosure address with a brief warning about the data and a link to it on GitHub.

"Capital One quickly alerted law enforcement to the data theft—allowing the FBI to trace the intrusion," US attorney Brian Moran said in a statement. "I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it."

Capital One said in a statement on Monday that the stolen data related to credit card applicants and current credit card customers. The breach also affects 6 million Canadians, including one million Canadian Social Insurance numbers, in addition to the more than 100 million US consumers impacted.

"Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement," the bank said. "The FBI has arrested the person responsible, and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate."

Capital One discovered the breach on July 19. The FBI connected the incident to Thompson quickly, the criminal complaint says, because it was so easy to link the Github page where she posted information about the stolen data to her handle and real identity. From there, investigators searched Thompson's communications and worked backward to see if Capital One's system logs matched the timeline of Thompson's alleged online activity.

Thompson allegedly used the anonymity network Tor and the VPN IPredator while breaching Capital One, exfiltrating data, and posting about it on GitHub in April, and she seemed confi­dent that they would protect her identity. But these tools are far from foolproof ways of covering your tracks, especially when you're also posting about your actions on accounts linked to your real identity.

One screenshot of a Slack conversation from the criminal complaint shows an unnamed individual saying "sketchy shit, don't go to jail plz," after Thompson allegedly posted a link to information about the stolen data. A user named "erratic" replied, "I wanna get it off my server thats why Im archiving all of it lol. its all encrypted. I just don't want it around though."

Another screenshot shows some of Thompson's alleged messages sent over Twitter direct messages. "Ive basically strapped myself with a bomb vest, fucking dropping capitol ones dox and admitting it. I wanna distribute those buckets i think first. There ssns … with full name and dob."