A former Amazon engineer has been convicted of seven federal crimes after she was caught stealing the personal data of over 100 million people.
Following a seven-day trial and 10-hour deliberation by the jury, 36-year-old Paige A. Thompson was convicted on Friday(Opens in a new window) in the US District Court in Seattle of seven federal crimes including wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
Thompson was arrested in July 2019 when Capital One alerted the FBI to a hacking incident. After having previously worked as an engineer at Amazon, Thompson wrote a tool that scanned Amazon Web Services (AWS) accounts for misconfigurations.
She discovered more than 30, one of which was Capital One’s account, and proceeded to steal personal data stored in the accounts as well as installing cryptocurrency mining software for her own personal gain. The hacking netted Thompson the personal data over 100 million US Capital One customers, which she then bragged about via text and online forums.
Recommended by Our Editors
In his closing arguments at the trial, Assistant United States Attorney Andrew Friedman said, “She wanted data, she wanted money, and she wanted to brag.” Now she’ll get to brag about her actions in prison.
Sentencing for Thompson is scheduled to happen on Sept. 15, and according to CNBC(Opens in a new window), wire fraud carries up to 20 years in prison, where as each of the other charges carry up to five years each.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.