The suspect in the crowd Data breach in 2019 from Capital One was found guilty of hacking and wire fraud on Friday. The Capital A hackone of the largest-ever breaches of a financial services company affected more than 100 million US customers and involved the theft of sensitive data, including Social Security and bank account numbers.
The hacker, Paige A. Thompson, a former systems engineer at Amazon Web Services, used a homemade tool to detect misconfigured AWS accounts and then used those accounts to hack into the systems of more than 30 organizations, including Capital One, USA. . The Ministry of Justice reports this in a press release. In addition to downloading data, she placed cryptocurrency mining software on servers and sent crypto to her online wallet, the DOJ said.
“She wanted data, she wanted money and she wanted bragging rights,” Assistant United States Attorney Andrew Friedman said in closing arguments, according to the release. The DOJ did not mention the name other organizations affected by Thompson’s activity†
After Thompson’s arrest, Amazon said it left the company three years before the hack took place. Last year, Capital One agreed to pay $190 million to settle a class-action lawsuit filed by clients. Both Capital One and Amazon Web Services denied liability, but said they would reach a settlement to avoid the time, cost and uncertainty of lawsuits.
The year before, Capital One agreed to pay $80 million to settle claims from federal banking regulators that its cybersecurity measures were flawed and that it had failed to take appropriate risk assessment steps when it started using cloud storage services. The regulators credited Capital One for how it notified customers after the hack and how it took steps to resolve issues. And the company said the security measures it had put in place before the breach helped it secure data before customer information could be disseminated or used.
In addition to wire fraud, Thompson was found guilty on five counts of unauthorized access to a protected computer and damaging a protected computer, the DOJ said. She was found not guilty of aggravated identity theft and access device fraud.
Thompson is scheduled to be sentenced Sept. 15, the DOJ said, and could face up to 20 years in prison for wire transfer fraud. Illegally entering a protected computer and damaging a protected computer can be punished with a prison sentence of up to five years.
A Thompson lawyer did not immediately respond to a request for comment on the verdict.