By: Elaine Wang
Paige Thompson, a software engineer, was accused of gaining unauthorized access to Capital One’s customers’ personal information for the sole purpose of personal gain, and caused Capital One to pay nearly $300 million to its customers.
The ex-Amazon engineer was charged with wire fraud, hacking, and violating the Computer Fraud and Abuse Act, an anti-hacking law. In 2019, the 36-year-old downloaded more than 100 million Capital One customers’ personal information. Capital One discovered the violation in July 2019 after someone who had spoken with Ms. Thompson about the data disclosed the issue to Capital One, who then reported it to the FBI.
Ms. Thompson worked as a software engineer at Amazon and ran an online community for others who worked in the same profession. When she was charged with these crimes, Ms. Thompson’s lawyers attempted to defend her case by arguing that she had the same intentions as ethical hackers who report weaknesses in software to companies so they can be fixed.
However, the Justice Department refuted this by stating Ms. Thompson had never planned to reveal to Capital One the cracks that allowed her access to confidential information, and had even bragged to her online friends about the data she downloaded and the weaknesses she discovered. She further abused her access to Capital One’s database by using it to mine cryptocurrency.
As Andrew Friedman, an assistant U.S. attorney, stated, “She wanted data, she wanted money, and she wanted to brag.”
Additionally, in a statement, Nicholas W. Brown, the U.S. attorney for the Western District of Washington, said, “Far from being an ethical hacker trying to help companies with their computer security, she [Ms. Thompson] exploited mistakes to steal valuable data and sought to enrich herself.”
As a result of this crime, regulators stated Capital One lacked the necessary safety precautions needed to prevent hackers from accessing customers’ information. The bank agreed to pay $80 million in 2020 to resolve the argument, and following that agreed to pay $190 million to customers whose data was hacked, totaling $270 million.
A Seattle jury deliberated for 10 hours on whether to place Ms. Thompson in jail, before discovering her guilty of five charges of gaining unauthorized access to and damaging a protected computer, on top of the wire fraud charges. She is scheduled to be sentenced on September 15th.
Link to article: https://s3.amazonaws.com/appforest_uf/f1655668302581x867950589613879900/Ex-Amazon%20Worker%20Convicted%20in%20Capital%20One%20Hacking%20-%20The%20New%20York%20Times.pdf