Ex-Amazon Worker Convicted in Capital One Hacking

A former Amazon engineer accused of stealing customers’ personal information from Capital One in one of the biggest breaches in the United States was convicted on Friday of wire fraud and hacking.

A Seattle jury found that Page Thompson, 36, violated an anti-hacking law known as the Computer Fraud and Abuse Act, which prohibits access to computers without authorization. The jury found her not guilty of identity theft and access device fraud.

Mrs. Thompson worked as a software engineer and ran an online community for other workers in her industry. In 2019, she downloaded the personal information of more than 100 million Capital One customers. Her legal team argued that she used the same tools and methods as ethical hackers who detect software vulnerabilities and report them to companies so they can be fixed.

But the Justice Department said Ms Thompson never planned to warn Capital One about problems with accessing customer data, and she bragged to her online friends about the vulnerabilities she discovered and the information she downloaded. Mrs Thompson also used her access to Capital One’s servers to mine cryptocurrencies, the Justice Department said.

“She wanted data, she wanted money, and she wanted to brag,” said Andrew Friedman, assistant U.S. attorney, in closed arguments.

Ms. Thompson’s case caught the attention of the tech industry due to allegations under the Computer Fraud and Abuse Act. Critics of the law have argued that it is too broad and allows for the prosecution of so-called white hat hackers. Last month, the Justice Department told prosecutors that they should not use the law to promote hackers engaged in “goodwill security research.”

Ms Thompson was convicted of five counts of obtaining unauthorized access to a secure computer and damaging a secure computer, in addition to allegations of wire fraud before the jury held a 10-hour deliberation. She is due to be sentenced on September 15.

Mrs Thompson’s lawyer declined to comment on the verdict.

Capital One discovered the breach in July 2019, when a woman spoke to Mrs. Thompson about the data, reporting the problem to Capital One. Capitol One leaked the information to the Federal Bureau of Investigation, and Mrs. Thompson was immediately arrested.

Regulators say Capital One lacks the necessary security measures to protect consumer information. In 2020, the bank agreed to pay $ 80 million to settle those claims. In December, it also agreed to pay $ 190 million to people whose data had been compromised.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrencies,” said Nicholas W. Brown, a U.S. attorney for the Western District of Washington. Far from being an ethical hacker trying to help companies secure their computers, she used bugs to steal valuable data and try to enrich herself. “

Leave a Reply

Your email address will not be published. Required fields are marked *