Ex-Amazon Worker Convicted in Capital One Hacking

A former Amazon engineer accused of stealing customers’ personal information from Capital One in one of the biggest breaches in the United States was convicted on Friday of wire fraud and hacking.

A Seattle jury found that Page Thompson, 36, violated an anti-hacking law known as the Computer Fraud and Abuse Act, which prohibits access to computers without authorization. The jury found her not guilty of identity theft and access device fraud.

Ms. Thompson worked as a software engineer and ran an online community for other workers in his industry. In 2019, she downloaded the personal information of more than 100 million Capital One customers. Her legal team argued that she used the same tools and methods as ethical hackers who detect software vulnerabilities and report them to companies so they can be fixed.

But the Justice Department said Ms. Thompson never planned to warn Capital One about problems with accessing customer data, and she bragged to her online friends about the vulnerabilities she exposed and the information she downloaded. Ms. Thompson also used access to his Capital One servers to mine cryptocurrencies, the Justice Department said.

“She wanted data, she wanted money, and she wanted to brag,” said Andrew Friedman, assistant U.S. attorney, in closed arguments.

Ms. Thompson’s case caught the attention of the tech industry due to allegations under the Computer Fraud and Abuse Act. Critics of the law have argued that it is too broad and allows for the prosecution of so-called white hat hackers. Last month, the Justice Department told plaintiffs that they should no longer use the law to pursue hackers engaged in “goodwill security research.”

The jury deliberated for 10 hours before finding Ms. Thompson is convicted of five counts of obtaining unauthorized access to a protected computer and damaging a secure computer, in addition to allegations of wire fraud. She is due to be sentenced in September. 15.

Ms. Lawyer for Thompson declined to comment on the verdict.

A woman spoke to Ms. Thompson reported the problem to Capital One about the data. Capital One provided the information to the Federal Bureau of Investigation, and Ms. Thompson was immediately arrested.

Regulators say Capital One lacks the necessary security measures to protect consumer information. In 2020, the bank agreed to pay $ 80 million to settle those claims. In December, it also agreed to pay $ 190 million to people whose data had been compromised.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrencies,” said Nicholas W. The U.S. Attorney for the Western District of Washington, in a statement, said Brown. “Far from being an ethical hacker trying to help companies secure their computers, she used mistakes to steal valuable data and try to enrich herself.”

Similar Posts

Leave a Reply

Your email address will not be published.