Fri | Oct 7, 2022 | 2:31 PM PDT

The hacker behind the 2019 Capital One data breach has been sentenced to time served and five years' probation by the U.S. District Court in Seattle for several federal crimes related to a sophisticated hacking scheme.

In 2019, 37-year-old Paige Thompson, a former Amazon employee known by her online nickname "erratic," was arrested after Capital One alerted the FBI to her hacking activity. Thompson's scheme involved hacking into cloud data storage accounts and stealing data and computing power for her own benefit. She was able to steal the personal information of over 100 million individuals, for which Capital One had to pay out more than $250 million to affected customers.

The U.S. Department of Justice says that Thompson built a tool to scan Amazon Web Services accounts to find misconfigured ones. Using the misconfigured accounts, she hacked in and downloaded the data of more than 30 entities, including Capital One. She also used this access to plant cryptocurrency mining software on new servers, with the proceeds deposited to her online wallet.

Prosecutors asked the court to impose a seven-year sentence, writing in their memo:

"Thompson's crimes… were fully intentional and grounded in spite, revenge, and willful disregard for the law. She exhibited a smug sense of superiority and outright glee while committing these crimes…. Thompson was motivated to make money at other people's expense, to prove she was smarter than the people she hacked, and to earn bragging rights in the hacking community."

Despite the severity of her crimes, Thompson will see no additional prison time. U.S. District Judge Robert Lasnik passed down a sentence of five years' probation, saying that prison would be particularly difficult for her given her mental health issues and transgender status.

U.S. Attorney Nick Brown discusses the decision:

"While we understand the mitigating factors, we are very disappointed with the court’s sentencing decision.  This is not what justice looks like. Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information.  This conduct deserves a more significant sanction."

Judge Lasnik scheduled a December 1st hearing to determine the amount of restitution Thompson must pay to her victims.

For more information on the story, see the original post from SecureWorld News, 8 Cybersecurity Facts Revealed About the Capital One Hacker.
