Former Amazon employee convicted over 2019 Capital One hack

Photo Illustration by Alex Tai/SOPA Images/LightRocket via Getty Images

A former Amazon Web Services engineer has been found guilty of hacking into customers' cloud storage systems and stealing data. A US District Court in Seattle found Thompson guilty of seven counts of computer and wire fraud, a crime that can result in up to 20 years in prison.

Thompson was arrested for carrying out the Capital One hack. The names, birth dates, social security numbers, email addresses, and phone numbers of over 100 million people in the US and Canada were exposed in one of the largest data breeches in history. Capital One settled with affected customers for $190 million for failing to secure users' data.

According to a press release from the Department of Justice, Thompson developed a tool that scanned for misconfigured accounts and then used them to gain access to Capital One's systems. Thompson is accused of hijacking companies' server to install software that would transfer money to her personal wallet. She came forward about her actions in online forums and text messages.

There was a debate as to whether Thompson was an ethical hacker or security researcher due to her unusual candidness about her role in the Capital One attack online, and she posted customers' sensitive data on a public GitHub page. The Justice Department made it clear that it wouldn't prosecute security researchers under the computer fraud and abuse act. US prosecutors weren't sure if Thompson's actions were covered by the exception.

She exploited mistakes to steal valuable data and sought to enrich herself, according to the US attorney. Thompson will be sentenced on September 15th, 2022,