Ex-Amazon worker convicted of Capital One hacking

A former Amazon engineer who was accused of stealing customers’ personal information from Capital One in one of the largest breaches in the US was found guilty of wire fraud and hacking charges on Friday.
A Seattle jury found that Paige Thompson, 36, had violated an anti-hacking law known as the Computer Fraud and Abuse Act, which prohibits access to a computer without authorization. The jury did not find her guilty of identity theft and access unit fraud.
Thompson had worked as a software engineer and ran an online community for other workers in her industry. In 2019, she downloaded personal information belonging to more than 100 million Capital One customers. Her legal team claimed that she had used the same tools and methods as ethical hackers who hunt for software vulnerabilities and report them to companies so that they can be fixed.
But the Justice Department said Thompson had never planned to notify Capital One about the issues that gave her access to customer data, and that she had bragged to her online friends about the vulnerabilities she uncovered and the information she downloaded. Thompson also used her access to Capital One’s servers to extract cryptocurrency, the Justice Department said.
“She wanted data, she wanted money, and she wanted to brag,” said Andrew Friedman, an assistant U.S. attorney, in closing arguments.
Thompson’s case attracted the attention of the technology industry because of the charges under the Computer Fraud and Abuse Act. Critics of the law have argued that it is too broad and allows for the prosecution of so-called white hat hackers. Last month, the Justice Department told prosecutors that they should no longer use the law to prosecute hackers who engaged in “security research in good faith.”
The jury deliberated for 10 hours before finding Thompson guilty on five counts of gaining unauthorized access to a protected computer and damaging a protected computer, in addition to the wire fraud charge. She is scheduled to be sentenced on September 15.
A lawyer for Thompson declined to comment on the verdict.
Capital One discovered the breach in July 2019 after a woman who had spoken to Thompson about the data reported the problem to Capital One. Capital One provided the information to the Federal Bureau of Investigation, and Thompson was arrested shortly thereafter.
Regulators said Capital One lacked the security measures it needed to protect customer information. In 2020, the bank agreed to pay $80 million to settle these claims. In December, it also agreed to pay $190 million to people whose data had been exposed in the breach.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to extract cryptocurrency,” said Nicholas W. Brown, a U.S. attorney for the Western District of Washington, in a statement. “Far from being an ethical hacker trying to help companies with their data security, she exploited mistakes to steal valuable data and tried to enrich herself.”