A former Amazon engineer accused of stealing a customer’s personal information from Capital One in one of the biggest infringements in the United States was convicted Friday for wire fraud and hacking.
A Seattle jury found that 36-year-old Page Thompson violated the Anti-Hacking Act, known as the Computer Fraud and Abuse Act, which prohibits unauthorized access to computers. Her jury admitted that she was not guilty of stealing personal information or fraudulent access devices.
Thompson worked as a software engineer and ran an online community for other workers in the industry. In 2019, she downloaded the personal information of more than 100 million Capital One customers. Her legal team claimed to have used the same tools and methods as ethical hackers who report to companies to find and fix software vulnerabilities.
But the Justice Department said Thompson had no plans to warn Capital One about the issue of allowing customers access to data, boasting to online friends about the vulnerabilities she discovered and the information she downloaded. Stated. According to the Justice Department, Mr. Thompson also used access to Capital One’s servers to mine cryptocurrencies.
“She wanted data, wanted money, and wanted to brag,” US Federal Prosecutor’s Assistant Andrew Friedman said in closing arguments.
Mr. Thompson’s case has attracted attention from the technology industry due to accusations under the Computer Fraud and Abuse Act. Law critics argued that it was too broad to allow so-called white hat hackers to be prosecuted. last month, Ministry of Justice The prosecution said the law should not be used to track hackers engaged in “sincere security research.”
After 10 hours of deliberation, the jury pleaded guilty to Ms. Thompson’s five charges of gaining unauthorized access to a protected computer and damaging the protected computer, in addition to the charges of wired fraud. rice field. She will be sentenced to her sentence on September 15.
Mr. Thompson’s lawyer refused to comment on the verdict.
Capital One discovered a breach in July 2019 after a woman who spoke with Mr. Thompson about the data reported a problem to Capital One. Capital One passed the information to the Federal Bureau of Investigation, and Mr. Thompson was immediately arrested.
Regulators said Capital One lacks the security measures needed to protect customer information. In 2020, the bank agreed to pay $ 80 million to resolve these claims. In December, it also agreed to pay $ 190 million to those whose data was exposed for compromise.
“MS. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijack computer servers to mine cryptocurrencies,” said Nicholas W. Brown, a U.S. lawyer in western Washington, in a statement. increase. “Rather than becoming an ethical hacker trying to help a company’s computer security, she tried to exploit her mistakes to steal valuable data and enrich herself.”
