A former Amazon Web Services employee was convicted of hacking into Capital One and stealing the data of more than 100 million people nearly three years ago in one of the largest data breaches in the United States.
Paige Thompson, who worked for the software giant as an engineer until 2016, was found guilty on Friday of seven federal crimes, including wire fraud, which carries up to 20 years in prison. The other charges, illegally accessing a protected computer and damaging a protected computer, are punishable by up to five years in prison. A jury found Thompson not guilty of aggravated identity theft and access device fraud after 10 hours of deliberations, a release said.
Prosecutors argued that Thompson, who worked under the name “erratic,” created a tool to search for misconfigured accounts on AWS. That allowed her to hack into accounts from more than 30 Amazon clients, including Capital One, and mine that data. Prosecutors argued Thompson also used her access to some of the servers to mine cryptocurrency that went to her own wallet.
“She wanted data, she wanted money, and she wanted to brag,” Assistant United States Attorney Andrew Friedman said of Thompson in closing arguments during the week-long trial.
Capital One in December agreed to pay $190 million to settle a class-action lawsuit over the breach, in addition to an earlier agreement to pay $80 million in regulatory fines. The data stolen included about 120,000 social security numbers and roughly 77,000 bank account numbers, according to the complaint.
An attorney representing Thompson did not immediately respond to a request for comment.
U.S. District Judge Robert S. Lasnik set Thompson’s sentencing for Sept. 15.