SEATTLE – Paige Thompson, a former Seattle tech worker, was convicted of seven federal crimes on Friday, all stemming from a massive Capital One hack that impacted more than 100 million people.
On July 19, 2019, Thomspon, now 36, used a tool she built to scan Amazon Web Services accounts to look for misconfigured accounts. She then used those misconfigured accounts to hack in and download the data of more than 30 entities, including Capital One bank.
With some of her illegal access, she planted cryptocurrency mining software on new servers with the income from the mining going to her online wallet, according to the US Attorney’s Office.
The hack gave her access to more than 100 million Capital One credit applications, including roughly 140,000 Social Security numbers and 80,000 bank account numbers. There is no evidence the data was sold or distributed to others.
At the time, it was believed to be the second-largest breach in U.S. history.
“Thompson spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums,” the U.S. Attorney’s Office said.
“She wanted data, she wanted money, and she wanted to brag,” Assistant United States Attorney Andrew Friedman said in closing arguments.
A jury deliberated for 10 hours on Friday, and Thompson was found guilty of wire fraud, five counts of unauthorized access to a protected computer and damaging a protected computer.
The jury found her not guilty of access device fraud and aggravated identity theft, which she was previously charged with.
Thompson is scheduled for sentencing on Sept. 15. She could face up to 20 years in prison.