Federal grand jury indicts Paige Thompson on two counts related to the Capital One data breach
The Department of Justice said today that a federal grand jury has indicted software engineer Paige Thompson on two counts related to the Capital One data breach that affected over 100 million customers. The charges in the indictment carry penalties of up to 25 years in prison. Thompson will be arraigned in U.S. District Court in Seattle on Sept. 5.
Thompson allegedly created created software that allowed her to see which customers of a cloud computing company (the indictment does not name the company, but it has been identified as Amazon Web Services) had misconfigured their firewalls and accessed data from Capital One and more than other 30 companies.
Much of the information in today’s indictment was already included in the FBI’s criminal complaint filed in July. In the indictment, however, the Department of Justice includes the new allegation that Thompson used the cloud servers she allegedly breached for cryptojacking. Though Thompson had previously made references to cryptojacking, or stealing someone else’s processing power to mine cryptocurrencies, in Slack messages reported by Forbes, today’s indictment does not contain new evidence about why the Department of Justice is making those claims.
Research has found that cryptojacking may be on the rise, in part because many organizations do not have adequate security measures in place.