A jury in the US District Court in Seattle convicted 36-year-old former Seattle tech worker Paige Thompson (online nickname “erratic”) of wire fraud and computer intrusions for her role in the 2019 Capital One data breach.
The breach was significant, impacting more than 100 million customers. Capital One had to pay an $80 million fine and was forced to settle customer lawsuits for a total of $190 million.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown in last week’s press release. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
The jury found Thompson guilty of wire fraud, along with five counts of unauthorized access to a protected computer and damaging a protected computer. However, it found her not guilty of access device fraud and aggravated identity theft.
The prosecutors revealed that Thompson built and used a tool that scanned Amazon Web Services for misconfigured accounts. She then used that information to hack into the accounts of more than 30 entities, including Capital One, and downloaded their data. After gaining access, she planted cryptocurrency mining software on new servers and directed the income from the mining to her online wallet.
Thompson is scheduled for sentencing by US District Judge Robert S. Lasnik on Sept. 15, 2022. According to the prosecutors, wire fraud on its own is punishable by up to 20 years in prison, while the remaining charges could add an extra 10 years.