The hacker behind the Capital One data breach may have also been responsible for attacks on multiple other companies, law forces have said.
Paige Thompson may have stolen data from more than 30 other organisations, according to US officials investigating the case after uncovering more evidence.
The information of around 106 million Capital One customers in the US and Canada had their personal details stolen in the attack, with information such as names, addresses and phone numbers all at risk.
- Sky customers told to change password following possible data breach
- Netflix users hit by phishing scam
- Best anti-malware software of 2019
In new court documents revealed this week, US prosecutors said they were widening their investigation into Paige A. Thompson, a 33-year-old former software engineer, suspected of carrying out the attack.
Ex-Amazon worker Thompson was reported to police by a GitHub forum users after she apparently boasted of the attack online.
The other affected companies are unknown, but some reports have named the likes of Unicredit, Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation among possible victims.
“The government's investigation over the last two weeks has revealed that Thompson's theft of Capital One's data was only one part of her criminal conduct,” a memo from law officials said.
“The servers seized from Thompson's bedroom during the search of Thompson's residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities.”
US prosecutors said the “data varies significantly in both type and amount,” but, based on currently available information, “much of the data appears not to be data containing personal identifying information.”
They added that the case against Thompson seems open-and-shut, stating, “the evidence that Thompson committed this crime is overwhelming.”
In total, Capital One believes the breach affected approximately 100 million individuals in the US, as well as six million more in Canada.
Around 140,000 US social security numbers and 80,000 linked bank account numbers are thought to be compromised, with about one million social insurance numbers belonging to Canadian credit card customers also affected.
Aside from names and dates of birth, the hacker also managed to obtain credit scores, limits, balances, payment history and contact information.
- Best antivirus services of 2019