Ex-Amazon Worker Convicted in Capital One Hacking

A former Amazon engineer who was accused of thieving customers’ individual info from Money 1 in a single of the greatest breaches in the United States was found responsible of wire fraud and hacking charges on Friday.

A Seattle jury discovered that Paige Thompson, 36, experienced violated an anti-hacking regulation recognized as the Computer system Fraud and Abuse Act, which forbids entry to a computer with no authorization. The jury identified her not guilty of identity theft and access machine fraud.

Ms. Thompson experienced worked as a program engineer and ran an on the web neighborhood for other employees in her business. In 2019, she downloaded personal info belonging to a lot more than 100 million Funds A single clients. Her authorized staff argued that she experienced applied the exact same tools and techniques as ethical hackers who hunt for software package vulnerabilities and report them to firms so they can be mounted.

But the Justice Division stated that Ms. Thompson had by no means planned to notify Money 1 to the troubles that gave her obtain to customers’ knowledge, and that she experienced bragged to her on the web pals about the vulnerabilities she uncovered and the details she downloaded. Ms. Thompson also utilised her entry to Funds One’s servers to mine cryptocurrency, the Justice Division claimed.

“She wanted data, she wished dollars, and she needed to brag,” Andrew Friedman, an assistant U.S. lawyer, claimed in closing arguments.

Ms. Thompson’s circumstance captivated attention from the tech market for the reason that of the expenses underneath the Computer system Fraud and Abuse Act. Critics of the legislation have argued that it is far too broad and lets for the prosecution of so-called white hat hackers. Final thirty day period, the Justice Section told prosecutors that they ought to no extended use the law to go after hackers who engaged in “good-religion stability exploration.”

The jury deliberated for 10 hrs prior to obtaining Ms. Thompson guilty of 5 counts of attaining unauthorized obtain to a secured personal computer and damaging a shielded laptop or computer, in addition to the wire fraud rates. She is scheduled to be sentenced on Sept. 15.

A attorney for Ms. Thompson declined to remark on the verdict.

Cash One found the breach in July 2019 just after a woman who had spoken with Ms. Thompson about the data reported the challenge to Money 1. Funds Just one handed the details to the Federal Bureau of Investigation, and Ms. Thompson was arrested quickly just after.

Regulators stated Money 1 lacked the stability actions it desired to guard customers’ details. In 2020, the lender agreed to shell out $80 million to settle people statements. In December, it also agreed to pay $190 million to people whose details experienced been exposed in the breach.

“Ms. Thompson made use of her hacking competencies to steal the personal facts of much more than 100 million individuals, and hijacked laptop or computer servers to mine cryptocurrency,” reported Nicholas W. Brown, the U.S. lawyer for the Western District of Washington, in a assertion. “Far from becoming an ethical hacker hoping to support corporations with their computer stability, she exploited errors to steal valuable details and sought to enrich herself.”