The U.S. Department of Justice (DOJ), has brought seven new charges against Paige Thompson. Paige Thompson is a former engineer at Amazon Web Services (AWS) and was accused of hacking Capital One, stealing personal data of over 100 million Americans.The Record obtained court documents earlier this month that revealed the new charges. They include six counts each of computer fraud and misuse and one count access device fraud. Thompson was previously indicted on one count of wire fraud and computer crime. She faced up to five years in prison and a maximum fine of $250,000. Thompson is now facing up to 20 years in prison due to the addition of charges.The number of victims has increased from four to eight in the 2019 indictment. Capital One is a U.S. State Agency, a U.S. Public Research University, and an international telecoms conglomerate. The list also includes a data protection company, an organization that specializes on digital rights management (DRM), and a supplier call center solutions. CyberInt, a security firm, previously stated that Vodafone, Ford and the Michigan State University may be among the victims.Thompson, who was known online as erratic and was identified after she boasted about her activities on GitHub. She is still accused of using her knowledge as a former software engineer at Amazon to develop a program that identified which cloud computing customers had misconfigured firewalls. The indictment does not name the company but it has been identified by Amazon Web Services. Thompson was alleged to have used the tool to obtain privileged account credentials after it had found its target misconfiguration.According to the prior indictment, Thompson was able to gain access to victims' cloud infrastructure by using stolen credentials. She then accessed and downloaded data from a server at her Seattle home. It is not clear if any of this information was shared with third parties.The theft of data from Capital One was confirmed by the company in July 2019. It included 106 million credit cards applications. This data also contained names, addresses and phone numbers. Capital One was fined $80million in August 2020 by the Federal Bureau of Investigation for the security breach. The company had replaced its cybersecurity chief four month after the incident.Prosecutors claim that Thompson stole data from at most 30 entities that shared the same cloud provider. They also claim that she used some of this access to create cryptocurrency mining operations using victim cloud computing power, a practice called cryptojacking.Thompson pleaded no guilty and was released in August 2019 on pre-trial bail. Although she was originally scheduled to stand trial in November 2019, the trial was pushed back to March 2020 because of the overwhelming amount of information that the prosecution had to analyze.Later, the trial was rescheduled for October 2020 because of the pandemic. Then, it was moved to June 2021 and October 2021. Finally, the trial was moved to March 14th 2022. Prosecutors still claim that they need more time to analyze data from Thompson's devices.
