A former Amazon engineer who was accused of stealing prospects’ private info from Capital One in one of many largest breaches in america was discovered responsible of wire fraud and hacking costs on Friday.
A Seattle jury discovered that Paige Thompson, 36, had violated an anti-hacking regulation often called the Laptop Fraud and Abuse Act, which forbids entry to a pc with out authorization. The jury discovered her not responsible of identification theft and entry gadget fraud.
Ms. Thompson had labored as a software program engineer and ran a web-based neighborhood for different staff in her business. In 2019, she downloaded private info belonging to greater than 100 million Capital One prospects. Her authorized staff argued that she had used the identical instruments and strategies as moral hackers who hunt for software program vulnerabilities and report them to firms to allow them to be fastened.
However the Justice Division stated that Ms. Thompson had by no means deliberate to alert Capital One to the issues that gave her entry to prospects’ knowledge, and that she had bragged to her on-line pals concerning the vulnerabilities she uncovered and the knowledge she downloaded. Ms. Thompson additionally used her entry to Capital One’s servers to mine cryptocurrency, the Justice Division stated.
“She needed knowledge, she needed cash, and he or she needed to brag,” Andrew Friedman, an assistant U.S. legal professional, stated in closing arguments.
Ms. Thompson’s case attracted consideration from the tech business due to the fees beneath the Laptop Fraud and Abuse Act. Critics of the regulation have argued that it’s too broad and permits for the prosecution of so-called white hat hackers. Final month, the Justice Division informed prosecutors that they need to now not use the regulation to pursue hackers who engaged in “good-faith safety analysis.”
The jury deliberated for 10 hours earlier than discovering Ms. Thompson responsible of 5 counts of gaining unauthorized entry to a protected laptop and damaging a protected laptop, along with the wire fraud costs. She is scheduled to be sentenced on Sept. 15.
A lawyer for Ms. Thompson declined to touch upon the decision.
Capital One found the breach in July 2019 after a lady who had spoken with Ms. Thompson concerning the knowledge reported the issue to Capital One. Capital One handed the knowledge to the Federal Bureau of Investigation, and Ms. Thompson was arrested quickly after.
Regulators stated Capital One lacked the safety measures it wanted to guard prospects’ info. In 2020, the financial institution agreed to pay $80 million to settle these claims. In December, it additionally agreed to pay $190 million to folks whose knowledge had been uncovered within the breach.
“Ms. Thompson used her hacking expertise to steal the non-public info of greater than 100 million folks, and hijacked laptop servers to mine cryptocurrency,” stated Nicholas W. Brown, the U.S. legal professional for the Western District of Washington, in an announcement. “Removed from being an moral hacker attempting to assist firms with their laptop safety, she exploited errors to steal priceless knowledge and sought to complement herself.”