The person responsible for the 2019 Capital One data breach was found guilty of wire and hacking charges. The hack, one of the largest thefts of customer information in recent history, involved the theft of bank account numbers and a Social Security number.
Paige Thompson compromised over 30 systems with a self-made tool. She stole data and mined for cryptocurrency, planting the software on the victim’s server.
Thompson wanted data, money and to show off. The Justice Department didn’t mention the names of other organizations she interfered with because they say they can’t release that information.
Following Thompson’s arrest, Amazon said she’d left the company three years before the hack took place. Last year, Capital One agreed to pay $190 million to settle a class-action lawsuit filed by customers. Both Capital One and Amazon Web Services denied liability but said they’d settle to avoid the time, expense and uncertainty of litigation.
The year before, Capital One agreed to pay $80 million to settle claims by federal bank regulators that its cybersecurity fell short and its inadequate risk assessment measures led to a hack. The company was also given credit for notifying customers promptly. In addition, the company says safeguards it put in place before the breach helped secure data.
Thompson was found guilty of five counts of unauthorized access to a protected computer, wire fraud, and damaging a protected computer. Thompson was not found guilty of aggravated identity theft or access device fraud.
Thompson is scheduled for sentencing on September 15. He faces up to 20 years in prison for wire fraud, as well as up to five more years for illegally accessing a protected computer and damaging one, according to the Justice Department.
A lawyer for Thompson didn’t respond by the time of the verdict’s request.