Ex-Amazon employee convicted of hacking Capital One and stealing data of over 100 million people, including social security numbers and banking info
- A former Amazon Web Service employee was convicted of seven counts of computer and wire fraud.
- The Capital One hack occurred in March 2019, resulting in the theft of more than 100 million customer data.
A former Amazon Web Services engineer has been found guilty of hacking into Capital One and stealing millions of customers' data.
Paige A. Thompson on July 17 was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.
"Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself," said U.S Attorney Nick Brown.
Thompson, who worked under the name "Erratic," programmed software that allowed her to access Amazon's client data which was stored on their server, according to the Department of Justice. One of those clients was Capital One. Thompson also used her server access to mine cryptocurrency, Brown said. The breach occurred in March of 2019, and Thompson was arrested by the FBI in July of that year.
Thompson mined sensitive customer data that included social security numbers, date of birth, and addresses, among other information. She posted information about the hack on the cross-platform app Github, where one user reported her to Capital One, according to the DOJ.
Thompson also flaunted details of her hack through text messages and online forums, prosecutors said.
"She wanted data, she wanted money, and she wanted to brag," Assistant United States Attorney Andrew Friedman said in his closing arguments during her trial.
Capital One was fined $80 million and settled a class-action lawsuit for $190 million on April 22.
Thompson faces five years in prison, the DOJ said. She was found not guilty of access device fraud and aggravated identity theft.