The U.S. Department of Justice has filed additional charges against Paige A. Thompson, the former engineer at Amazon Web Services Inc., which allegedly founded Capital One Financial Corp. in 2019. which resulted in the theft of 100 million customer records.
Thompson was first indicted and accused of hacking Capital One and a number of other companies and organizations in August 2019. These companies and organizations include UniCredit SpA, Vodafone plc, Ford Motor Co., Michigan State University, and the Ohio Department of Transportation.
The methodology in each hacking case is said to have been the same as in the Capital One breach. Thompson allegedly developed scanning software while working at AWS that enables her to identify customers who had misconfigured their access. After discovering this, she allegedly stole her customer databases.
In the case of Capital One, Thompson allegedly stole data from a misconfigured Amazon S3 storage instance. Thompson’s intent to steal and divulge stolen data has always been unclear, although Thompson was also allegedly involved in maliciously installing cryptomining scripts on compromised servers.
Thompson was initially charged with wire transfer fraud and computer fraud on two counts. As of now, the Justice Department has reportedly added seven new charges Court documents submitted on June 17th and first reported by The recording Tuesday.
The new charges add up to six cases of computer fraud and abuse and one case of fraud involving access devices. Although the court document names Capital One, the remaining alleged victims are not named by Thompsons.
Along with a US federal agency, a telecommunications company outside the US, and a US public research university under the original indictment, the new indictment lists new unnamed targets. These include a digital rights management company, a data and threat protection services provider, a technology company that provides call center solutions, and a company that provides learning technology for colleges.
Although the number of Thompson’s alleged victims may have increased, the schedule hasn’t changed. Prosecutors still claim that Thompson used her access while working at AWS to discover misconfigured S3 instances and then exploit the exposed data.
Prosecutors claim Thompson downloaded more than 20 terabytes of data from more than 30 companies. Thompson pleaded not guilty and was released on a pre-litigation bond in August 2019. The trial is scheduled for March 2022 after being postponed during COVID-19. If found guilty, Thompson faces a prison sentence of up to 20 years.
Show your support for our mission by joining our Cube Club and Cube Event Community of Experts. Join the community that includes Amazon Web Services and soon Andy Jassy, CEO of Amazon.com, Michael Dell, founder and CEO of Dell Technologies, Pat Gelsinger, CEO of Intel and many more luminaries and experts.
On June 16, we are holding our second cloud startup showcase. Click here to take part in the free and open Event Startup Showcase.
We really want to hear from you. Thank you for taking the time to read this post. We look forward to your visit at the event and in the CUBE Club.