Former AWS Employee Convicted of Capital One Hack
June 20, 2022
Hacked into Amazon Web Services and stole data and computer
power to mine cryptocurrency
A 36-year-old former Seattle tech worker was convicted in U.S.
District Court in Seattle of seven federal crimes connected to
her scheme to hack into cloud computer data storage accounts and
steal data and computer power for her own benefit, announced
U.S. Attorney Nick Brown. Paige A. Thompson a/k/a ‘erratic,’ was
arrested in July 2019, after Capital One alerted the FBI to
Thompson’s hacking activity. The jury deliberated for ten hours
following the seven-day jury trial. Thompson is scheduled for
sentencing by U.S. District Judge Robert S. Lasnik on September
“Ms. Thompson used her hacking skills to steal the personal
information of more than 100 million people, and hijacked
computer servers to mine cryptocurrency,” said U.S. Attorney
Nick Brown. “Far from being an ethical hacker trying to help
companies with their computer security, she exploited mistakes
to steal valuable data and sought to enrich herself.”
Thompson was found guilty of Wire fraud, five counts of
unauthorized access to a protected computer and damaging a
protected computer. The jury found her not guilty of access
device fraud and aggravated identity theft.
Using Thompson’s own words in texts and online chats,
prosecutors showed how Thompson used a tool she built to scan
Amazon Web Services accounts to look for misconfigured accounts.
She then used those misconfigured accounts to hack in and
download the data of more than 30 entities, including Capital
One bank. With some of her illegal access, she planted
cryptocurrency mining software on new servers with the income
from the mining going to her online wallet. Thompson spent
hundreds of hours advancing her scheme, and bragged about her
illegal conduct to others via text or online forums.
wanted data, she wanted money, and she wanted to brag,”
Assistant United States Attorney Andrew Friedman said in closing
The intrusion to Capital One accounts impacted more than 100
million U.S. Customers. The company was fined $80 million and
settled customer lawsuits for $190 million.
Wire fraud is punishable by up to 20 years in prison. Illegally
accessing a protected computer and damaging a protected computer
are punishable by up to five years in prison. The ultimate
sentence is up to Judge Lasnik who will consider the sentencing
guidelines and other statutory factors.
The case was investigated by the FBI Seattle Cyber Task Force.
The case is being prosecuted by Assistant United States
Attorneys Andrew Friedman, Jessica Manca, Tania Culbertson, and