The investigators haven't officially released the list of what they found at the apartment yet...
See the filing at: https://www.scribd.com/document/421860692/Thompson-New-Memorandum
"The government’s investigation over the last two weeks has revealed that Thompson’s theft of Capital One’s data was only one part of her criminal conduct. The servers seized from Thompson’s bedroom during the search of Thompson’s residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities. That data varies significantly in both type and amount. For example, much of the data appears not to be data containing personal identifying information. At this point, however, the government is continuing to work to identify specific entities from which data was stolen, as well as the type of data stolen from each entity. The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified."
...but 30+ companies looks like a major overstatement, based on the actual info listed on the Twitter and Slack accounts involved. (Not exactly hard to find...)
There appear to be 30+ archive files involved, but many of them are clearly from the same organization, are duplicates, or contain very little data (although some of those small files may in turn contain passwords or keys to access other systems/data).
The individual in question has claimed they include Capital One, Vodafone, Michigan State, and the Ohio DOT.
Many of the files have fairly generic names, but the ones that may (or may not!) indicate other involved organizations include: "42lines.net", "apperian", "astem", "ford", "globalgarner", "hslonboarding", "identiphy", "infobloxcto", "iwcodeacademy", "safesocial", "starofservice", "unicredit", and "wakoopa". Note that the names of the files do not necessarily indicate their true content, and some of the generically-named files may well contain additional organizations' data.