The Department of Justice said today that a federal grand jury has indicted software engineer Paige Thompson on two counts related to the Capital One data breach that affected over 100 million customers. The charge in the charge involves penalties of up to 25 years in prison. Thompson will be arraigned in the U.S. District Court in Seattle on September 5.
Thompson allegedly created created software that allowed her to see which customers in a cloud company (the lawsuit does not name the company, but it has been identified as Amazon Web Services) had misconfigured their firewall and accessed data from Capital One and more than other 30 companies.
Much of the information in today's indictment was already included in the FBI's criminal complaint filed in July. In the indictment, however, the Department of Justice includes the new accusation that Thompson used the cloud servers she allegedly violated for cryptocurrency. Although Thompson had previously referred to encryption, or stolen the processing power of others to mine cryptocurrency, in Slack reports reported by Forbes, today's indictment does not contain new evidence as to why the Department of Justice is making these allegations.
Research has found that cryptojacking may be on the rise, partly because many organizations do not have adequate security measures in place.
In its statement, the Department of Justice said it has identified some of the victims of the data breach, including a state agency and a public research university located outside the state of Washington and a telecommunications conglomerate outside the United States. The charges did not name the victims, but security firm CyberInt has said that Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may be victims of the data breach, which also included 1