The suspect in the broad 2019 knowledge breach of Capital One used to be learned responsible Friday of hacking and wire fraud prices. The Capital One hack, one in all the supreme-ever breaches of a financial services firm, affected bigger than 100 million US potentialities and involved the theft of ravishing knowledge including Social Safety and checking story numbers.
The hacker, Paige A. Thompson, a old methods engineer at Amazon Web Providers and products, feeble a self-made tool to detect misconfigured AWS accounts and then employ those accounts to hack into the methods of bigger than 30 organizations, including Capital One, the US Department of Justice acknowledged in a liberate. In addition to downloading knowledge, she planted cryptocurrency mining machine on servers and directed crypto to her online wallet, the Justice Department acknowledged.
“She wanted knowledge, she wanted cash, and he or she desired to brag,” Assistant United States Lawyer Andrew Friedman acknowledged in closing arguments, according to the liberate. The Justice Department didn’t title the opposite organizations plagued by Thompson’s process.
Following Thompson’s arrest, Amazon acknowledged she’d left the firm three years before the hack took space. Final year, Capital One agreed to pay $190 million to settle a class-action lawsuit filed by potentialities. Each and every Capital One and Amazon Web Providers and products denied liability nonetheless acknowledged they’d settle to maintain away from the time, expense and uncertainty of litigation.
The year before, Capital One agreed to pay $80 million to settle claims by federal bank regulators that its cybersecurity measures fell brief and that it didn’t position perfect chance overview steps in space when it started using cloud storage services. The regulators gave Capital One credit score for the style it notified potentialities after the hack and the diagram in which it took steps to remedy problems. And the firm acknowledged safeguards it had achieve aside in space before the breach helped it right knowledge before any buyer information would be disseminated or feeble.
In addition to wire fraud, Thompson used to be learned responsible of 5 counts of unauthorized win entry to to a right pc and damaging a right pc, the Justice Department acknowledged. She used to be learned no longer responsible of aggravated id theft and win entry to instrument fraud.
Thompson is scheduled to be sentenced Sept. 15, the Justice Department acknowledged, and faces up to 20 years in jail for wire fraud. Illegally accessing a right pc and damaging a right pc are punishable by up to 5 years in jail, the agency acknowledged.
A attorney for Thompson didn’t straight away acknowledge to a requirement for comment on the choice.