Tag Archive for: thompson

Capital One Hacker Paige Thompson Sentenced to Probation



Capital One has been investigated by an arm of the U.S. Department of the Treasury for its allegedly lax security measures prior to the massive 2019 hack.
Photo: MARK RALSTON/AFP (Getty Images)

Paige Thompson, an ex-Amazon software engineer who stole the credit card applications, social security numbers, and bank account numbers of more than 100 million people from Capital One, costing the company at least $270 million, was sentenced to time served and just five years' probation late Tuesday in a Washington court.

The 37-year-old Thompson, who also went by the online handle “Erratic,” was found guilty in June of wire fraud, unauthorized access to a computer and damaging a protected computer. The Seattle jury acquitted her of other charges including identity theft, according to the AP. Judge Robert Lasnick said prison would be especially difficult for Thompson “because of her mental health and transgender status.”

During the trial, Thompson’s attorneys argued that she never misused the personal information from the companies she hacked. The hacker’s lawyers further argued that Thompson was a white hat hacker who had been attempting to collect money from companies by pointing out vulnerabilities in their systems, according to The Seattle Times. A judge still has to decide restitution for victims of her hacks, which should be determined this December, according to the U.S. Attorney’s office. Capital One reached a settlement of $190 million with affected customers and was fined $80 million by the Treasury Department.

Prosecutors decried what they called a light sentencing, originally asking for Thompson to serve seven years. In a release, U.S. Attorney Nick Brown said prosecutors were “very disappointed with the court’s sentencing decision. This is not what justice looks like.” Prosecutors argued in court that Thompson did hundreds of millions of dollars in damage to both companies and individuals through hacks of not just Capital One, but 30 other companies, educational institutions, and more. Some of those other hacks involved personal data, but prosecutors stopped short of accusing Thompson of selling or sharing any of it.

Prosecutors also argued Thompson used a…


Federal Trade Commission publishes final updated Safeguards Rule | Thompson Coburn LLP


On October 27, 2021, the Federal Trade Commission (“FTC”) announced significant updates to the Safeguards Rule. The FTC asked for comments on the Rule in 2019, and held a public workshop on the Rule in 2020. The Final Rule was published in the Federal Register on December 9, 2021. The Rule is effective on January 10, 2022; however, most of the substantive provisions of the Rule take effect a year from the publication date.

Per the final rule summary, the amended Rule contains five primary changes:

  • “First, it adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication, and encryption. 
  • Second, it adds provisions designed to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies. 
  • Third, it exempts financial institutions that collect less customer information from certain requirements. 
  • Fourth, it expands the definition of ‘financial institution’ to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities. This change adds ‘finders’–companies that bring together buyers and sellers of a product or service– within the scope of the Rule. 
  • Finally, the Final Rule defines several terms and provides related examples in the Rule itself rather than incorporate them by reference from the Privacy of Consumer Financial Information Rule (‘Privacy Rule’).”

Substantively, the amended Rule generally follows the approach outlined in the 2019 proposal with certain amendments and clarifications.

The 2021 changes to the Safeguards Rule passed by a 3-2 vote by the FTC, with the three “yes” votes coming from Democrats and the two “no” votes from Republicans. Commissioners Noah Joshua Phillips and Christine S. Wilson dissented. Commissioner Rebecca Kelly and Chair Lina M. Khan also released a joint statement. The split vote on the final Rule, as well as on the 2019 proposed Rule, reflects a change from prior rulemakings in the security…


Researcher: Hackers Hijack Some Facebook Apps – Washington Post

Roger Thompson, chief research officer for computer security firm AVG, discovered about a half-dozen Facebook games and app home pages had been compromised …