A former Amazon employee has been convicted of hacking Capital One

A former Amazon engineer accused of stealing customers’ personal information from Capital One in one of the biggest violations in the United States was found guilty on Friday of fraud and hacking.

A Seattle jury has found that 36-year-old Paige Thompson violated a law against hackers known as the Computer Fraud and Abuse Act, which prohibits unauthorized access to a computer. The jury found him not guilty of identity theft and access device fraud.

Ms. Thompson worked as a software engineer and managed an online community for other workers in her industry. In 2019, he downloaded personal information belonging to more than 100 million customers of Capital One. His legal team argued that he used the same tools and methods as ethical hackers to hunt down software vulnerabilities and notify their companies so that they could be corrected.

But the Justice Department said Ms. Thompson was never going to warn Capital One about the problems that gave her access to consumer data, and that she was bragging to her online friends about the vulnerabilities she found and the information she downloaded. The Department of Justice said Ms. Thompson also used access to Capital One’s servers to gain cryptocurrency.

“He wanted data, money and bragging,” said Andrew Friedman, an assistant attorney for the U.S. Attorney’s Office.

Ms. Thompson’s case has attracted the attention of the tech industry over allegations of computer fraud and misuse under the Act. Critics of the law argue that it is too broad and allows for so-called. The pursuit of white hat hackers. Last month, the Justice Department told prosecutors they should no longer use the law to prosecute hackers involved in a “conscientious security investigation.”

Jurors argued for 10 hours before Ms Thompson pleaded guilty to five counts of unauthorized access to a protected computer and damage to a protected computer, in addition to fraud charges. He will be sentenced on September 15.

Ms. Thompson’s attorney declined to comment on the verdict.

Capital One discovered the breach in July 2019 after a woman who spoke to Ms. Thompson about the data reported the problem to Capital One. Capital One passed the information to the Federal Bureau of Investigation, and Ms. Thompson was arrested shortly afterwards.

Regulators said Capital One did not have the security measures needed to protect customer information. In 2020, the bank agreed to pay $ 80 million to settle these claims. In December, he also agreed to pay $ 190 million to people whose data was leaked as a result of the breach.

“Mrs. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijack computer servers to gain cryptocurrency,” said Nicholas Brown, a U.S. attorney in the Washington, D.C. “He used mistakes to steal valuable data and try to get rich.”

Leave a Comment

Your email address will not be published.