Seattle hacker gets probation for $250M Capital One data breach

A former Amazon employee based in Seattle has been sentenced for her role in a huge data breach that saw Capital One bank pay out more than $250 million to affected customers.

Paige Thompson, known online by her handle “erratic,” was convicted in June for the 2019 hack in which more than 100 million people in the US and Canada had their personal information stolen. On Tuesday, a US District Court in Seattle found Thompson guilty of 7 counts of computer and wire fraud — punishable by up to 20 years in prison — but the software engineer received a sentence of time served plus 5 years of probation, to include computer monitoring.

According to a press release from the Department of Justice (DOJ), US District Judge Robert S. Lasnik said that time in prison would be particularly difficult for Thompson, as she is transgender and suffers from mental health issues. The DOJ is, apparently, unhappy with the outcome: in a statement on the case, US attorney Nick Brown said that the department understood the mitigating factors but was “very disappointed with the court’s sentencing decision.” Brown added, “This is not what justice looks like.”

Yet from the outset, the Capital One breach presented a complicated set of facts that is atypical of most large hacking and data theft incidents. Thompson did access and download a huge amount of data without authorization after using a custom software tool she built to scan for misconfigured Amazon Web Services accounts. (Thompson was reportedly employed by Amazon Web Services from 2015–2016.)

After gaining access, she leveraged the compromised accounts to download data from a number of organizations, including Capital One, and obtained huge troves of sensitive personal information including Social Security numbers and bank account information. Thompson also reportedly planted cryptocurrency mining software onto some of the remote servers that she had gained access to and routed the proceeds into her own crypto accounts.

But unlike many other data breach cases, it seems that there is no evidence Thompson sought to enrich herself from the large volumes of personal information she stole. There are no allegations that she offered any of this data for sale or fraudulently used banking information to make purchases for herself. In fact, it seems that she uploaded some details of the exploit to a publicly viewable GitHub account: as CNBC reports, it was a tip about the GitHub data that led to her eventual arrest.

At trial, attorneys for the defense argued that Thompson never attempted to profit from the hack and did not release the data in a way that caused anyone’s identity information to be misused.

The Seattle Times reports that a friend of Thompson’s wrote a letter of support in the trial, arguing that the financial institutions bore responsibility for poor handling of sensitive data and that Thompson’s exploits had exposed the flaws in the system.

“Paige saw a situation where the information on which the financial system depends for its security was left utterly unguarded by its custodians,” part of the letter said.