Former Amazon Web Services engineer Paige Thompson stole the data of more than 100 million customers of the major bank Capital One, the US District Court in Seattle ruled. She is charged with electronic fraud, five counts of unauthorized access to a secure computer, and damage to a secure computer.
The prosecutor said at the trial that Thompson "used her hacking skills to steal the personal information of more than 100 million people and hack into computer servers to mine cryptocurrency." According to him, the engineer used “security vulnerabilities to steal valuable data and sought her own enrichment.”
Thompson worked at AWS until 2016. She was arrested in 2019. Before that, Capital One informed the FBI about the hack. The investigation found that Thompson wrote a tool that looked for misconfigured Amazon Web Services accounts and received data from more than 30 customers of the service, including Capital One. Thompson then began stealing data and installing cryptocurrency mining software. The accused reported this in chat rooms and on Internet forums.
Thompson's defense argued that she used the same tools and methods as ethical hackers who look for vulnerabilities in software and report them to companies. But the Justice Department said the engineer did not plan to tell Capital One about the issues that gave her access to customer data.
Thompson's verdict will be announced on September 15. For electronic fraud, she faces up to 20 years in prison, and for each of the other charges - up to five years.
Sources: Python.Engineering, NY Times