Seattle-based software engineer Paige Thompson faces up to 25 years in prison after being indicted on two counts related to the Capital One data breach that affected 106 million customers.
Thomson has been indicted on Federal charges for wire fraud and computer data theft related to alleged unauthorised intrusion into stored data of more than 30 companies, including Capital One.
According to the indictment, Thomson created scanning software that allowed her to identify customers of a cloud computing company - understood to be Amazon Web Services - who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers.
She then used the access to steal data - in the case of Capital One, the personal information of 106 million credit card holders and applicants in the US and Canada.
Dubbed one of the largest data breaches to hit a financial services firm, the Capital One hack is expected to cost the company between $100 million and $150 million.
In addition to stealing data, Thompson is also accused of using stolen computer power to mine cryptocurrency.
Thompson was identified after sharing information about the Capital One theft with another user on GitHub. The user informed Capital One, which contacted the FBI.