CAPITAL ONE is having one very bad week.
It was revealed on Monday that the company had been breached, with up to 100 million individuals' data swiped, leading to the arrest of a 33-year-old woman who had been boasting about the heist online, posting some of the records straight to GitHub.
Now, the company is facing a class-action lawsuit from customers affected by the breach who are accusing the banking giant of failing to take "reasonable care" with sensitive information.
The Eastern District of Virginia's District Court took delivery of papers filed by law firm Morgan and Morgan who appear to have managed to catch the speeding ambulance first.
That's in addition to an existing investigation by the New York Attorney General into whether Capital One is guilty of negligence.
But already some are questioning if Paige Thompson, who goes by the hacker handle of "Erratic", actually meant to cause harm. Some have suggested that, given that the vulnerability which let her in was down to a server configuration, she could simply have been a security researcher who got more than she bargained for.
Add to that, the fact that Ms Thompson worked at Amazon Web Services (AWS) previously, which provides Capital One with its web services, suggesting that perhaps she had an inside track on how to exploit the problem.
Thompson was caught unusually quickly after the breach and had made no attempt to hide her tracks, which makes her either misunderstood or dumb as a post. She told fellow developers on the site that she was dumping the data, still encrypted, so it was off her computer as she wanted nothing to do with it.
One security company, CyberInt, even adds that the hack may have been wider spread that Capital One - naming Vodafone and Ford amongst the high profile potential victims.
From here on in, it's going to be for the courts to decide, but whether she is a hacker or a researcher, the law will only see that she's a breacher, and that could mean $250,000 and five years in prison, if convicted, even if her intentions were benign.
In short - this one could run and run. μ
Much a (dil)do about nothing
Neither the time nor the face
The tiny tweaks are coming thick and fast now
Gitting more secure