The wheels of justice do turn slowly. Nearly three years after a former Amazon employee was charged in the data breach of Capital One, the trial has concluded in a conviction in U.S. District Court.
The defendant, 36-year-old Paige A. Thompson, was found guilty last Friday of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. Sentencing is scheduled to occur on September 15, 2022, and Thompson could face up to 25 years in prison.
In the 2019 incident, Thompson used her hacking prowess—and insider knowledge of AWS vulnerability scanning—to steal the personal data of more than 100 million people in the U.S. and six million in Canada.
The hacker, operating under the online alias of "erratic," went on to illegally install malware on unlawfully accessed servers to mine for cryptocurrency. Thompson also posted the data on a publicly accessible GitHub page.
U.S. Attorney Nick Brown said:
"Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency. Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself."
The case was investigated by the FBI Seattle Cyber Task Force.
In the fallout from the incident, Capital One settled customer lawsuits for $190 million and was fined $80 million by Office of the Comptroller of Currency, which is part of the U.S. Treasury.