A former Amazon employee, Ms. Paige Thompson, 36-year-old, from U.S was accused of wire fraud and computer intrusions for her action in the theft of personal data of more than 100 million people in the 2019 Capital One breach. She worked for the tech giant till 2016, and was found guilty of wire fraud, quintuple of unauthorized access to a protected computer, and vandalizing a protected computer.
The seven-day trial saw the jury exonerate her of other charges, which includes access device fraud and nettle identity theft. She is line up for sentencing on September 15, 2022. Mounting to punishable by up to 25 years in prison for the offenses.
She used her hacking skills to loot the personal information of more than 100 million people, and seize computer servers to mine cryptocurrency. As an ethical hacker by role, she was supposed to help companies with their computer security, but instead she exploited her skills to steal valuable data and sought to enrich herself.
The fraud incident, which came to vision in July 2019, involved the appellant breaking into Amazon's cloud computing systems and looting the personal information of roughly around 100 million individuals in the U.S. and around six million in Canada. This information contained of names, dates of birth, Social Security numbers, email addresses, and phone numbers.
She developed a custom tool to scan for misconfigured Amazon Web Services (AWS) instances, which allow Ms. Thompson to drain out sensitive data belonging to over 30 entities, including Capital One, and cultivate cryptocurrency mining software in the illegitimate accessed servers to illegally mint digital currency. The data was also published on a publicly accessible GitHub page. Furthermore, she proscribed her activities to others via text and online forums.
What she wanted is data which gave her a lot of money. Capital One was charged a fine of $80 million by the Office of the Comptroller of the Currency (OCC) in August 2020 for failing to establish proper risk management measures before shifting its IT operations to a public cloud-based service. Eventually, it agreed to pay $190 million to settle a class-action lawsuit over the hack, in December 2021.