June 26, 2022

DOJ announces conviction of former tech worker responsible for cyberattack upon financial services provider

The US Department of Justice recently announced the conviction of Paige A. Thompson, a former Seattle tech worker, for devising and engaging in a scheme to hack cloud computer data storage accounts and steal data and computer power from more than 100 million Capital One customers for her personal benefit.  The DOJ reports that Thompson, who used the online alias “erratic,” developed a tool that enabled her to identify misconfigured cloud accounts and then hacked into the accounts of more than 30 entities, including Capital One Financial Corporation.  According to federal prosecutors, Thompson downloaded data from the hacked entities and used her illegal access to plant cryptocurrency mining software on new servers with the income from the mining going to her online wallet.  Thompson also allegedly bragged about the scheme and the illicit data retrieved on online forums.  After a seven-day trial, a jury found Thompson guilty on June 17, 2022 of seven federal crimes including one count of wire fraud, five counts of unauthorized access to a protected computer and one count of damaging a protected computer.   

The DOJ reports that Thompson was arrested in 2019 shortly after Capital One alerted authorities of the system hack that occurred between March and July of 2019.  As a result of the breach, Capital One was fined $80 million and settled customer lawsuits for $190 million.

DOJ Press Release