Capital One isn't the only company that-- she hit more than 30 additional organizations, including businesses and educational groups, federal prosecutors said in a memorandum filed in Seattle on Tuesday.
"The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified," prosecutors said in the memo.
Prosecutors didn't name the additional companies Thompson allegedly hacked, and they said she didn't appear to steal data from all of them. The type of data she allegedly did steal is varied, and much of it doesn't contain personal information, lawyers for the US Attorney's office in western Washington said in the memo.
What's more, the investigation hasn't uncovered any indication that Thompson sold the data or shared it with cybercriminals. However, the lawyers added, the investigation is in its early stages.
Lawyers for Thompson didn't immediately respond to a request for comment. The memo follows charges against Thompson filed in July that allege she stole the data of 100 million US residents and 6 million Canadians, including names, addresses and phone numbers. A smaller number of Social Security numbers -- 140,000 -- were among the stolen data, along with 80,000 bank account numbers, Capital One said.
The prosecutors' memo also describes Thompson as a risk to herself and the community, saying she'd made threats to shoot people, had talked about committing suicide "by cop" (by forcing police to kill her) and had been the subject of a restraining order for harassment.
At the time of Thompson's arrest, a roommate, Park Quan, was found to have a stockpile of weapons that included 14 firearms, in addition to ammunition and explosives. Quan had previous felony convictions and wasn't allowed to own firearms.
Originally published Aug. 15, 11:33 a.m. PT.
Correction, 11:39 a.m.: This story has been updated to reflect that the memorandum was filed on Tuesday.
Update, 11:39 a.m.: Adds background.