Ex-Amazon Employee Found Guilty of Infringing Capital One

Paige Thompson, a 36-year-old former Amazon employee, has been convicted for seven federal crimes by the US District Court in Seattle, all from a huge breach at Capital One that affected more than 100 million people.

Paige A. Thompson, a software engineer who used the online pseudonym “irregularly”, was… arrested in July 2019after Capital One reported its activities to the FBI.

Thompson used a tool she created to check AWS accounts for misconfigurations. After identifying vulnerable accounts, she hacked and downloaded data from more than 30 entities, including Capital One bank.

According to the US Attorney’s Office, Thompson also used some of her illegitimate access to install crypto mining software on new servers, with the proceeds going to her online wallet.

Thompson was able to obtain more than 100 million credit applications for Capital One, including nearly 140,000 Social Security numbers and 80,000 bank account numbers.

There is no indication that the data has been sold or shared with third parties.

After a seven-day trial, the Seattle jury found Thompson guilty of wire fraud, five counts of illegal access to a protected computer and destroying a protected computer.

Other charges against her, such as access device fraud and aggravated identity theft, were dismissed.

Thompson will be sentenced in September 2022 by U.S. District Judge Robert S. Lasnik.

“Mrs. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrency,” said US attorney Nick Brown.

“Instead of being an ethical hacker trying to help companies with their computer security, she took advantage of mistakes to steal valuable data and try to enrich herself.”

According to federal prosecutors, Thompson spent hundreds of hours working on her strategy and bragging about it to others via text and online forums.

“She wanted data, she wanted money and she wanted bragging rights,” said Assistant United States Attorney Andrew Friedman.

Thompson’s lawyers claimed that she struggled with mental health issues and never intended to profit from the information she was given, and that there was “no credible or direct evidence of a single person’s identity being misused.”

According to the Associated PressThompson’s friends and acquaintances characterized her as a talented programmer and software architect whose behavior reflected her online identity.

Thompson started working for AWS in 2015, but resigned the following year.

Some of Thompson’s friends said they think the unemployed woman, who struggled with severe depression, felt the hack could bring her attention, respect and a new job.

More than 100 million customers in the United States had their accounts compromised as a result of the infringement at Capital One† The company was fined $80 million and agreed to pay $190 million to settle consumer disputes.

Politicians too questioned Amazon about its security practices after the breach.

In a letter to then-CEO Jeff Bezos, Representatives Jim Jordan, Michael Cloud and Mark Meadows expressed concern about the data breach and its potential impact.

“The Capital One data is stored on an Amazon Web Services cloud storage service,” they wrote. “The outside person who had access to the data was allegedly a former AWS employee.”

Capital One said this week it was “happy with the outcome of the trial” and remains “grateful for the tireless work of the US Attorney’s Office in Seattle and the FBI’s Seattle Field Office in prosecuting this important case.”

Leave a Comment

Your email address will not be published.