Former Amazon Employee Indicted For Allegedly Hacking Capital One’s Network, Swiping People’s Data

REUTERS/Salvador Rodriguez/File Photo

Daily Caller News Foundation logo
Chris White Tech Reporter
Font Size:

A former Amazon software engineer was indicted Wednesday for allegedly stealing sensitive data from Capital One, a move affecting millions of Americans.

Paige Thompson was charged with wire fraud, as well as computer fraud and abuse for allegedly hacking into Capital One’s network, according to Department of Justice court documents. Thompson, who is a transgender woman living in Seattle, faces nearly 25 years in prison if convicted. The crime has implications beyond those affecting Capital One’s customers.

Thompson was arrested in July for allegedly stealing personal information from more than 100 million U.S. Capital One customers, including Social Security numbers, as well as the data of an additional 6 million Canadians. Thompson’s arrest came after the former engineer posted on GitHub about the theft.

The indictment alleges Thompson used “scanning software” to obtain the stolen data — the software allowed Thompson to identify the customers of an unnamed cloud computing company that had “misconfigured their firewalls,” according to the DOJ. Thompson allegedly used stolen power from the computers accessed to “mine cryptocurrency for her own benefit.”

FILE PHOTO: The logos of Amazon, Apple, Facebook and Google are seen in a combination photo from Reuters files. REUTERS/File Photo

Amazon stored the 106 million Capital One credit-card records. Capital One blamed the incident on “a specific configuration vulnerability” in the way it uses Amazon’s cloud. The accused hacker was allegedly able to exploit a weakness in some misconfigured networks that cloud security experts frequently warn about, The Wall Street Journal reported Aug. 4.

The company has not responded to the Daily Caller News Foundation’s request for comment about Thompson’s indictment, nor has the company addressed questions about the so-called misconfigured networks. (RELATED: Trump Criticized DOD’s Potential Cloud Deal With Amazon. Now The Program Is On Hold)

Capital One estimated that 14,000 Social Security numbers of credit card customers were accessed while 80,000 bank account numbers were compromised, according to The Hill. The theft comes as Amazon is angling to land a $10 billion cloud computing program with the Department of Defense.

Defense Secretary Mark Esper is reviewing accusations of unfairness in the contract process for the program, known as Joint Enterprise Defense Infrastructure (JEDI), the Pentagon announced Aug. 1. His decision came after President Donald Trump ratcheted up criticism of the project. Amazon and Microsoft are the only two finalists.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact