A federal grand jury has indicted a former Amazon software engineer who acquired personal information of over 100 million people in the massive data breach at Capital One and other organizations on charges of wire fraud and computer data theft, the United States Department of Justice announced on Wednesday.
Paige Thompson, 33, of Seattle, was arrested July 29 for allegedly hacking into Capital One and acquiring sensitive data from more than 100 million credit card applications.
Thompson allegedly made software that permitted her to observe which customers of a cloud computing company (Supposedly Amazon Web Services, but the indictment does not name the company) had misconfigured their firewalls and illegally accessed data from Capital One and more than 30 other organizations. She deployed outside commands to penetrate and access such servers without permission.
Thompson was accused of not merely breaching a cloud computing company’s servers, but of stealing data and utilizing stolen computer power to mine cryptocurrencies for her own financial benefit — commonly referred to as cryptojacking.
Researchers have discovered that cryptojacking could be increasing, partially since numerous organizations have not implemented sufficient security measures.
According to the Department of Justice, some of the other victims that Thompson is accused of hacking included a telecommunications conglomerate, a state agency (Outside of Washington), and a public university. They were not identified in the indictment, but Israeli security firm CyberInt stated that Michigan State University, Ford, Ohio Department of Transportation and Vodafone might have been victims of the security breach.
The hacker acquired approximately 140,000 Social Security numbers and 80,000 linked bank account numbers. Significantly, Thompson did not obtain access to credit card account numbers, and prosecutors said that there is no evidence that she sold or utilized the stolen data, but the damage is still enormous.
The indictment comes days after the software engineer, a transgender woman, made her initial appearance in a federal court in July seeking to be released from the Federal Detention Center in SeaTac and be put in a halfway house. Thompson currently resides in the men’s branch of the detention center, and her attorney contended that the facility is not well suited to care for someone with gender dysphoria.
Judge Michelle Peterson rejected Thompson’s request, agreeing with federal prosecutors that the hacker is considered a severe flight risk. Thompson lacks stable residence or local family relations, is employed, and holds a history of drug abuse and mental health problems. As reported by authorities, Thompson has made threats to commit suicide and shoot up a California social media company’s office.
Peterson said that Thompson’s behavior was erratic and bizarre. Nevertheless, the judge commented on Thompson’s talent and technical skill: “You are highly talented and have the means and ability to create havoc in our banking system.”
Thompson is scheduled to be arraigned in U.S. District Court in Seattle on Sept. 5 and may face up to 25 years in jail if convicted.