In June of this year, Thompson was found guilty of wire fraud, unauthorized access to a computer, and damaging a protected computer. The jury in Seattle found her not guilty of other charges. Thompson's mental health and gender identity would make it hard for her to get a prison sentence.
Attorneys for Thompson argued that she never used the personal information from the companies she hacked. Lawyers for the hacker argued that Thompson was a white hat hacker who was trying to collect money from companies by pointing out vulnerabilities in their systems. According to the U.S. Attorney's office, the judge needs to make a decision on the victims' compensation in December. Capital One was fined 80 million dollars by the Treasury Department.
The prosecutors wanted Thompson to serve seven years in prison. Brown said prosecutors were very disappointed with the court's decision. This isn't justice at all. According to prosecutors, Thompson did hundreds of millions of dollars in damage to both companies and individuals through hacks of 30 other companies, educational institutions and more. Thompson was not accused of selling or sharing any of the data from the other hacks.
Thompson was accused of using a digital tool she built herself to download companies' user data. She used the tool to plant software on other companies' computers that would allow her to take control of the money.
Thompson bragged about the data hack on social media. She said she had strapped herself with a bomb vest, dropped her dox and admitted it. She runs a hacking and cracking group on the social platform.
Capital One has been slow to update its security methodologies. Some employees at Capital One said the company had failed to address vulnerabilities before the hack. The company didn't install the software that it had bought to help detect breeches.
Gizmodo reached out to Capital One for comment on Thompson's sentencing and what the company has done to bolster its cybersecurity capabilities, but didn't hear back. Until last week, victims of the hack were able to get money from a settlement stemming from a class action lawsuit.
In 2020, the U.S. Department of the Treasury's Office of the Comptroller of Currency investigated Capital One and found that the bank ignored obvious problems with its cloud-based systems. The bank had to pay an 80 million dollar fine and set up a committee to monitor its cybersecurity standards.