A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach.
Paige Thompson, who operated under the online alias “erratic” and worked for the tech giant until 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.
The seven-day trial saw the jury acquit her of other charges, including access device fraud and aggravated identity theft. She is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said U.S. Attorney Nick Brown. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
The incident, which came to light in July 2019, involved the defendant breaking into Amazon’s cloud computing systems and stealing the personal information of roughly 100 million individuals in the U.S. and 6 million in Canada. This consisted of names, dates of birth, Social Security numbers, email addresses, and phone numbers.
The breach was made possible by a custom tool developed to scan for misconfigured Amazon Web Services (AWS) instances, allowing Thompson to siphon sensitive data belonging to over 30 entities, including Capital One, and plant cryptocurrency mining software on the unlawfully accessed servers to illegally mint digital funds.
Furthermore, the hacker left an online trail for investigators to follow as she boasted about her illicit activities to others via text and online forums, the Justice Department noted. The data was also posted on a publicly accessible GitHub page.
“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman told the jury in the closing arguments, according to a press statement from the Justice Department.
Capital One was fined $80 million by the Office of the Comptroller of the Currency (OCC) in August 2020 for failing to establish appropriate risk management measures before migrating its IT operations to a public cloud-based service. In December 2021, it agreed to pay $190 million to settle a class-action lawsuit over the hack.