Ex-Amazon Worker Convicted in Capital One Hacking


Former Amazon engineer accused of stealing customer personal information from Capital One in one of the largest infractions in the United States, was found guilty of wire fraud and hacking charges on Friday.

The jury in Seattle concluded that Paige Thompson, 36, violated an anti-hacking law known as the Computer Fraud and Abuse Act, which prohibits access to a computer without permission. The jury found her not guilty of identity theft and access device fraud.

Ms. Thompson worked as a software engineer and ran an online community for others in her industry. In 2019, she uploaded personal information belonging to more than 100 million Capital One customers. Her legal team claimed that she used the same tools and methods as ethical hackers who look for vulnerabilities in software and report them to companies so they can be fixed.

But the Justice Department said that Ms. Thompson never planned to tell Capital One about the issues that gave her access to customer data, and that she bragged to her online friends about the vulnerabilities she discovered and uploaded information. Ms. Thompson also used her access to Capital One’s servers to mine cryptocurrencies, the Justice Department said.

“She needed data, she needed money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said in his closing speech.

Ms. Thompson’s case caught the attention of the technology industry because of allegations under the Computer Fraud and Abuse Act. Critics of the law argue that it is too broad and allows so-called white hat hackers to be prosecuted. Last month, Ministry of Justice told prosecutors they should no longer use the law to prosecute hackers who were doing “good faith security research.”

The jury deliberated for 10 hours before finding Ms. Thompson guilty of five counts of gaining unauthorized access to a secure computer and damaging a secure computer, in addition to charges of wire fraud. She is to be sentenced on September 15th.

Ms Thompson’s lawyer declined to comment on the verdict.

Capital One discovered the breach in July 2019 after a woman who spoke to Ms. Thompson about the data reported a problem to Capital One. Capital One turned the information over to the Federal Bureau of Investigation, and Ms. Thompson was arrested soon after.

Regulators have said that Capital One lacks the security measures needed to protect customer information. In 2020, the bank agreed to pay $80 million to resolve these claims. In December, he also agreed to pay $190 million people whose data was exposed as a result of a hack.

“RS. Thompson used her hacking skills to steal the personal information of over 100 million people and hack into computer servers to mine cryptocurrency,” said Nicholas W. Brown, U.S. Attorney for the Western District of Washington. “Far from being an ethical hacker, trying to help companies with their computer security, she used bugs to steal valuable data and sought to enrich herself.”


Please enter your comment!
Please enter your name here