A former Amazon engineer who has been accused Steal personal information from Capital One customers in one of the biggest violations in the United States was found guilty Friday of wire fraud and hacking charges.
That’s what a Seattle jury found out Paige Thompson, 36, had broken an anti-hacking law known as the Computer Fraud and Abuse Act, which bans unauthorized access to a computer. The jury found her not guilty of identity theft and access device fraud.
Ms. Thompson had worked as a software engineer and ran an online community for other workers in her industry. In 2019, she downloaded personal information from more than 100 million Capital One customers. Her legal team argued that she used the same tools and methods as ethical hackers who look for software vulnerabilities and report them to companies so they can be fixed.
But the Justice Department said Ms Thompson never planned to bring Capital One’s attention to the problems that gave her access to customer data and that she had bragged to her online friends about the vulnerabilities she discovered and the information she downloaded. Ms. Thompson also used her access to Capital One’s servers to mine for cryptocurrency, the Justice Department said.
“She wanted data, she wanted money, and she wanted to show it off,” Andrew Friedman, an assistant US attorney, said in the closing arguments.
Ms. Thompson’s case caught the attention of the technology industry due to charges under the Computer Fraud and Abuse Act. Critics of the law have argued that it is too broad and allows for the prosecution of so-called white hat hackers. Last month, the Department of Justice told prosecutors they should no longer use the law to prosecute hackers who conduct “bona fide security research.”
The jury deliberated for 10 hours before finding Ms Thompson guilty on five counts of gaining unauthorized access to a protected computer and damaging a protected computer, in addition to charges of wire fraud. She is due to be sentenced on September 15.
An attorney for Ms Thompson declined to comment on the verdict.
Capital One discovered the vulnerability in July 2019 after a woman who had spoken to Ms Thompson about the data reported the issue to Capital One. Capital One passed the information on to the Federal Bureau of Investigation and Ms. Thompson was arrested shortly thereafter.
“MS. Thompson used their hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrencies,” said Nicholas W. Brown, the U.S. Attorney for the Western District of Washington, in a statement: “Far from being an ethical hacker trying to help companies with their computer security, she exploited bugs to steal valuable data and sought to enrich herself.”