In 2019, a 36-year-old Seattle woman by the name of Paige Thompson hacked into Capital One data and was convicted for 7 cases of wire fraud. After many hours of debate, the jury concluded that Paige Thompson was guilty, and her charges could stack up to 20 years in jail. Her sentence will be decided on September 5th.
Thompson managed to steal 120,000 social security numbers, 77,000 bank account numbers, and some of Capital One’s servers; she used the servers to mine cryptocurrency. Using a tool, she searched through the accounts in AWS for misconfigured accounts, accounts that didn’t have proper setup or security, and Capital One was one of these misconfigured accounts. Capital One was fined $80,000,000 by the Department of Treasury for not having proper security and $190,000,000 to the customers who had their data leaked.
Thompson worked for AWS under a Capital One division and the data she stole was under this division. She worked for AWS until 2016, when she lost her job. After hacking into Capital One, Thompson bragged about the data she leaked online, using her username “erratic”, which led to her conviction. In the closing arguments, Assistant United States Attorney Andrew Friedman said, “she wanted data, she wanted money, and she wanted to brag.”
The case had many arguments for both sides. Thompson’s supporters claimed that she was suffering from mental illnesses such as depression. Because of these supposed illnesses, she felt pressured to hack into Capital One to attract attention and land a job. They also mentioned that she never did anything malicious with the data, and merely hacked into Capital One as a security test.
On the other hand, US prosecutors argued that Thompson’s online bragging clearly insinuates malice intent, and her hack certainly couldn’t be counted as security research. US Attorney Nick Brown said in a statement, “far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.” Furthermore, prosecutors claimed that her use of software to take servers and mine crypto displayed her ill intent.
Sources:
https://www.eyrewritingcenter.com/products/the-ewc-journal-2022/categories/2149894486/posts/2156142689
https://www.theverge.com/2022/6/18/23173727/former-amazon-employee-convicted-over-2019-capital-one-hack-paige-thompson
https://nypost.com/2022/06/18/seattle-woman-paige-thompson-convicted-in-massive-capital-one-hack/
https://www.justice.gov/usao-wdwa/united-states-v-paige-thompson
Thompson managed to steal 120,000 social security numbers, 77,000 bank account numbers, and some of Capital One’s servers; she used the servers to mine cryptocurrency. Using a tool, she searched through the accounts in AWS for misconfigured accounts, accounts that didn’t have proper setup or security, and Capital One was one of these misconfigured accounts. Capital One was fined $80,000,000 by the Department of Treasury for not having proper security and $190,000,000 to the customers who had their data leaked.
Thompson worked for AWS under a Capital One division and the data she stole was under this division. She worked for AWS until 2016, when she lost her job. After hacking into Capital One, Thompson bragged about the data she leaked online, using her username “erratic”, which led to her conviction. In the closing arguments, Assistant United States Attorney Andrew Friedman said, “she wanted data, she wanted money, and she wanted to brag.”
The case had many arguments for both sides. Thompson’s supporters claimed that she was suffering from mental illnesses such as depression. Because of these supposed illnesses, she felt pressured to hack into Capital One to attract attention and land a job. They also mentioned that she never did anything malicious with the data, and merely hacked into Capital One as a security test.
On the other hand, US prosecutors argued that Thompson’s online bragging clearly insinuates malice intent, and her hack certainly couldn’t be counted as security research. US Attorney Nick Brown said in a statement, “far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.” Furthermore, prosecutors claimed that her use of software to take servers and mine crypto displayed her ill intent.
Sources:
https://www.eyrewritingcenter.com/products/the-ewc-journal-2022/categories/2149894486/posts/2156142689
https://www.theverge.com/2022/6/18/23173727/former-amazon-employee-convicted-over-2019-capital-one-hack-paige-thompson
https://nypost.com/2022/06/18/seattle-woman-paige-thompson-convicted-in-massive-capital-one-hack/
https://www.justice.gov/usao-wdwa/united-states-v-paige-thompson