A former Amazon Web Services (AWS) employee has been found guilty of multiple crimes connected to one of the largest data breaches in US history. Paige Thompson, 36, who operated under the alias ‘erratic,’ was responsible for the infamous Capital One hack in 2019, where she obtained the personal information of over 100 million individuals by exploiting misconfigured accounts on AWS.
As a result of the breach, Capital One reached a $190 million settlement with affected customers, and the Treasury Department imposed an $80 million fine on the company for its failure to protect customer data. Following the data theft, Thompson mined the information and installed cryptocurrency miners on some AWS servers.
A federal jury recently convicted Thompson of seven federal crimes, including wire fraud, illegally accessing a protected computer, and damaging a protected computer. US Attorney Nick Brown stated that Thompson used her hacking skills to steal personal information and hijack computer servers for financial gain, rather than ethical purposes.
While Thompson was acquitted of aggravated identity theft and access device fraud due to her attorneys arguing mental health issues and lack of intent to profit from the stolen data, court documents revealed that she spent extensive time advancing her illegal activities and boasted about them online.
Thompson’s sentencing is scheduled for September 15, where Judge Lasnik will consider the severity of her crimes. Wire fraud carries a maximum sentence of 20 years in prison, while illegally accessing and damaging a protected computer can lead to up to five years of imprisonment.
This case serves as a reminder of the importance of cybersecurity measures and the severe consequences of exploiting vulnerabilities for personal gain. It also highlights the need for companies to prioritize data protection and invest in robust security protocols to prevent such breaches from occurring in the future.