Accused Capital One hacker pleads not guilty to all charges

People walk past a Capital One bank in New York's financial district. Paige Thompson, the former Amazon Web Services employee accused of stealing personal information from the bank, pleaded not guilty Thursday. (Reuters)

Share

Written by

Paige Thompson has pleaded not guilty to all charges in connection with a data breach at Capital One that resulted in the compromise of information about roughly 106 million people.

Thompson appeared in Western District of Washington federal court on Thursday for the first time after she was arrested on July 29 on charges related to the Capital One hack.

A federal grand jury previously had indicted Thompson on two criminal counts, wire fraud and computer fraud and abuse, for which she could be sentenced to up to 25 years in prison if convicted. Upon being advised of her charges and pleading not guilty Thursday, Thompson was taken back into custody.

A jury trial is scheduled to begin Nov. 4.

Thompson, a software engineer, formerly worked for AWS, the cloud computing giant on which Capital One relies to store sensitive data. She allegedly built a customer scanning software that searched for cloud customers with misconfigured firewalls, a common oversight that could enable attackers to issue remote commands to customer servers then obtain personal data stored there.

Roughly 100 million of the people Capital One has said were affected by this breach were based in the U.S., and another 6 million in Canada. The hacker apparently obtained Capital One credit card applications, however the bank said it has no evidence the stolen data has been used for fraudulent purposes.

The government alleges Thompson also stole data from more than 30 other organizations in and outside of the U.S., though court filings have not named specific victims. AWS, in a letter to Sen. Ron Wyden, D-Ore., said it detected no “significant issues” related to this breach at other customers.

Federal attorneys from the Western District of Washington also say Thompson, upon breaching victim organizations, leveraged their computing power to mine for cryptocurrency, an activity known as cryptojacking.

Thompson’s defense attorney declined to comment Thursday. Court records from the arraignment were not immediately available.

-In this Story-

Capital One, data breach, Paige Thompson, Western District of Washington
TwitterFacebookLinkedInRedditGoogle Gmail