A previous Amazon engineer who was accused of stealing customers’ individual information and facts from Cash 1 in a single of the largest breaches in the United States was identified guilty of wire fraud and hacking rates on Friday.
A Seattle jury found that Paige Thompson, 36, had violated an anti-hacking regulation recognized as the Computer Fraud and Abuse Act, which forbids access to a personal computer without authorization. The jury found her not responsible of identity theft and entry gadget fraud.
Ms. Thompson had labored as a software program engineer and ran an on line local community for other employees in her industry. In 2019, she downloaded private information belonging to much more than 100 million Money A person buyers. Her authorized group argued that she experienced made use of the exact same resources and solutions as ethical hackers who hunt for software vulnerabilities and report them to companies so they can be fastened.
But the Justice Department said that Ms. Thompson experienced in no way prepared to notify Cash A single to the troubles that gave her accessibility to customers’ knowledge, and that she experienced bragged to her on the internet close friends about the vulnerabilities she uncovered and the information she downloaded. Ms. Thompson also applied her accessibility to Cash One’s servers to mine cryptocurrency, the Justice Department stated.
“She desired details, she required money, and she required to brag,” Andrew Friedman, an assistant U.S. lawyer, said in closing arguments.
Ms. Thompson’s scenario attracted consideration from the tech field due to the fact of the charges below the Laptop Fraud and Abuse Act. Critics of the law have argued that it is as well wide and makes it possible for for the prosecution of so-identified as white hat hackers. Past thirty day period, the Justice Division advised prosecutors that they ought to no more time use the regulation to pursue hackers who engaged in “good-faith protection research.”
The jury deliberated for 10 hrs prior to getting Ms. Thompson responsible of five counts of attaining unauthorized obtain to a shielded laptop and harmful a safeguarded laptop, in addition to the wire fraud expenses. She is scheduled to be sentenced on Sept. 15.
A attorney for Ms. Thompson declined to comment on the verdict.
Money 1 discovered the breach in July 2019 just after a girl who had spoken with Ms. Thompson about the details documented the trouble to Cash 1. Funds One particular handed the data to the Federal Bureau of Investigation, and Ms. Thompson was arrested quickly immediately after.
Regulators claimed Capital One particular lacked the safety measures it desired to safeguard customers’ information. In 2020, the lender agreed to pay $80 million to settle these statements. In December, it also agreed to spend $190 million to persons whose info had been exposed in the breach.
“Ms. Thompson used her hacking competencies to steal the particular info of much more than 100 million men and women, and hijacked laptop servers to mine cryptocurrency,” claimed Nicholas W. Brown, the U.S. legal professional for the Western District of Washington, in a statement. “Far from currently being an ethical hacker seeking to assistance firms with their personal computer safety, she exploited issues to steal beneficial facts and sought to enrich herself.”