A jury in the US District Court in Seattle has convicted Paige Thompson, a 36-year-old former Seattle tech worker known online by the moniker “erratic,” of wire fraud and computer intrusions for her role in the 2019 Capital One data breach.
The breach was significant, affecting more than 100 million customers. The company had to pay an $80 million fine and was forced to settle customer lawsuits for a total of $190 million.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
The jury found Thompson guilty of wire fraud and five counts of unauthorized access to a protected computer and damaging a protected computer, but found her not guilty of access device fraud and aggravated identity theft.
Prosecutors showed that Thompson built and used a tool that allowed her to scan Amazon Web Services for misconfigured accounts. Using that information, she hacked into the accounts of more than 30 entities, including Capital One Bank, and downloaded their data. With the access she gained, she planted cryptocurrency mining software on new servers and directed the income from the mining to her online wallet.
It remains unclear whether her cryptocurrency mining helped her gather significant funds, but the stolen information alone has value on the black market.
Thompson is scheduled for sentencing by US District Judge Robert S. Lasnik on Sept. 15, 2022. According to the prosecutors, wire fraud alone is punishable by up to 20 years in prison, and the rest of the charges could bring an extra 10 years.