Former Amazon engineer convicted in 2019 Capital One data breach

A Seattle jury has discovered Paige Thompson, a former Amazon software program engineer accused of stealing information from Capital One in 2019, responsible of wire fraud and 5 counts of unauthorized entry to a protected laptop. The Capital One hack was one of many largest safety breaches within the US and compromised the information of 100 million folks within the nation, together with 6 million folks in Canada. Thompson was arrested in July that yr after a GitHub consumer noticed her publish on the web site sharing details about stealing information from servers storing Capital One data. 

In keeping with the Division of Justice, Thompson used a instrument she constructed herself to scan Amazon Internet Providers for misconfigured accounts. She then allegedly used these accounts to infiltrate Capital One’s servers and obtain over 100 million folks’s information. The jury has determined that Thompson violated the Laptop Fraud and Abuse Act by doing so, however her attorneys argued that she used the identical instruments and methodology additionally utilized by moral hackers.

The Justice Division lately amended the Laptop Fraud and Abuse Act to guard moral or white hat hackers. So long as researchers are investigating or fixing vulnerabilities in “good religion” and are not utilizing the safety holes they uncover for extortion or different malicious functions, they will not be charged underneath the legislation.

US authorities, nonetheless, disagreed with the assertion that she was solely attempting to reveal Capital One’s vulnerabilities. The Justice Division mentioned she planted cryptocurrency mining software program onto the financial institution’s servers and despatched the earnings straight to her digital pockets. She additionally allegedly bragged in regards to the hack on on-line boards. 

“Removed from being an moral hacker attempting to assist firms with their laptop safety, she exploited errors to steal priceless information and sought to complement herself,” US Legal professional Nick Brown mentioned. Thompson might be sentenced with as much as 20 years of jail time for wire fraud and as much as 5 years for every cost of illegally accessing a protected laptop. Her sentencing listening to is scheduled for September fifteenth.