UPDATED 21:44 EDT / OCTOBER 05 2022

SECURITY

Former AWS employee given 5 years probation for Capital One hack

A former Amazon Web Services Inc. employee has been sentenced to time served and five years probation for stealing more than 100 million records belonging to Capital One Financial Corp. in 2019.

Paige A. Thompson, who worked for AWS as an engineer until 2016, was found guilty in June of seven charges relating to the hack, including wire fraud, illegally accessing a protected computer and damaging a protected computer.

The arguably lax sentence, described by the U.S Department of Justice as “disappointing,” was handed down by a judge in Seattle. The judge in the case, Robert S. Lasnik, is said to have been moved by a statement from Thompson, who is both transgendered and suffers from mental health issues, claiming that she hopes to make positive and meaningful contributions to society.

The judge even admitted that the sentence was surprising, taking a risk on Thompson being legitimate in her attrition.

In the case, prosecutors argued that Thompson, using the name “erratic” online, created a tool to search for misconfigured AWS accounts. That allowed her to access the accounts of more than 30 AWS customers, including Capital One, and steal their data. Other companies and organizations accessed by Thompson included UniCredit S.p.A, Vodafone plc, Ford Motor Co., Michigan State University and the Ohio Department of Transportation.

In the Capital One case, Thompson stole data that consisted of credit card applications including names, addresses, zip and postal codes, phone numbers, email addresses, dates of birth and self-reported income. The applications also included “portions of credit card customer data,” including credit scores, credit limits, balances, payment history, contact information and “fragments of transaction data.”

However, the theft of data was not Thompson’s only alleged crime. She was also alleged to have used her access to AWS servers to mine for cryptocurrency. “She wanted data, she wanted money and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said in the closing arguments of the trial.

“While we understand the mitigating factors, we are very disappointed with the court’s sentencing decision. This is not what justice looks like,” U.S. Attorney Nick Brown said in a statement. “Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction.”

The sentencing came on the same day that former Uber Technologies Inc. Chief Security Officer Joe Sullivan was found guilty on charges that he covered up a security breach at Uber in 2016 that saw the theft of data relating to some 57 million Uber passengers and drivers.

Sullivan is facing up to five years in prison for covering up a hack he was not responsible for. By contrast, Thompson was responsible for the theft of nearly twice as many records from Capital One as the Uber hack and was behind the data theft versus covering it up, and that’s not counting the other companies she stole data from.

While arguing for a seven-year sentence, Brown told the court that “she exhibited a smug sense of superiority and outright glee while committing these crimes…. Thompson was motivated to make money at other people’s expense, to prove she was smarter than the people she hacked, and to earn bragging rights in the hacking community.”

Photo: Billy Hathorn/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU