Paige Thompson, an ex-Amazon Web Services employee, has been found guilty of hacking into Capital One. She then stole information of over 100 million people almost three years ago. It was one of the biggest data breaches, on record, in the U.S.
Thompson had worked as an engineer for Amazon. On Friday, she was convicted of wire fraud, illegally accessing a protected computer, and damaging a protected computer. These could carry a total of 25 years in prison.
After 10 hours of deliberation, Thompson was found not guilty of aggravated identity theft and accessing device fraud.
Prosecutors state that Thompson, also known as “erratic,” made a tool to look for misconfigured accounts on AWS. This gave her access to over 30 accounts that belong to Amazon clients, including Capital One, to mine that information. They added that she also used her access to a few servers in order to mine cryptocurrency were funds went to herself. What’s more, Thompson bragged about her activity online and posted customers’ identifiable information on GitHub. She also posted information about the breach on Twitter and Slack.
“She wanted data, She wanted money, She wanted to brag,” stated a state’s attorney during closing arguments.
Because of the breach, in December, Capital One agreed to a settlement of $190 million in a class-action lawsuit. They had already agreed to pay an $80 million regulatory fine. Reports note that throughout the ordeal, 120,000 social security numbers and 77,000 bank account numbers were stolen.
Thompson will be given her punishment on September 15.