A signage is on the outside of a Capital One Financial Corp coffee shop on Tuesday, July 18, 2017. installed in Walnut Creek, California, USA.
Bloomberg | Getty Images
A former Amazon Web Services employee has been convicted of hacking into Capital One and stealing the data of more than 100 million people in one of the largest data breaches in the United States nearly three years ago.
Paige Thompson, who worked as an engineer for the software giant until 2016, was found guilty on Friday of seven federal crimes, including wire fraud, which carries up to 20 years in prison. The other charges, illegally accessing a protected computer and damaging a protected computer, are punishable by up to five years in prison. A jury found Thompson not guilty of aggravated identity theft and access device fraud after 10 hours of deliberations, a press release said.
Prosecutors argued that Thompson, working under the name erratic, created a tool to look for misconfigured accounts on AWS. This enabled it to hack into the accounts of more than 30 Amazon customers, including Capital One, and mine that data. Prosecutors argued Thompson also used her access to some of the servers to mine cryptocurrency, which went into her own wallet.
“She wanted data, she wanted money, and she wanted to show off,” Assistant United States Attorney Andrew Friedman said of Thompson in closing arguments during the week-long trial.
Capital One agreed in December to pay $190 million to settle a class action lawsuit alleging the violation, in addition to an earlier agreement to pay $80 million in fines. The stolen data included about 120,000 social security numbers and about 77,000 bank account numbers, according to the complaint.
An attorney representing Thompson did not immediately respond to a request for comment.
US District Judge Robert S. Lasnik set Thompson’s sentencing date of September 15.
Subscribe to CNBC on YouTube.