A former software engineer at Amazon Web Services was convicted of wire fraud and computer intrusions in the U.S. for her role in the 2019 theft of personal data of nearly 100 million people in the Capital One Data Breach.
Paige Thomson was found guilty of wire fraud and five counts of unauthorized access to a protected computer and damaging a protected computer.
She was acquitted of other charges which included aggravated identity theft and access device fraud.
The incident in question was the 2019 Capital One data breach where the personal information of 100 million credit card applicants in the United States and 6 million in Canada was released to ransomers.
The information included names, dates of birth, Social Security numbers, email addresses and phone numbers.
Capital One has since assured its customers that “no credit card account numbers or log-in credentials were compromised” and that more than 99% of the Social Security numbers that the company has on file weren’t affected.
Thomson was accused of using a custom tool to located misconfigured Amazon Web Service servers and using these servers to siphon out data as well as to plant cryptocurrency mining software.
“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman told the jury in the closing arguments, according to a press statement from the Justice Department.
In December 2021, Capital One agreed to pay $190 million to settle a class action lawsuit regarding the data breach.