Hacked clients of Amazon Web Services including Capital One, Michigan State, and more than two dozen other entities and businesses
A 37-year-old former Seattle tech worker was sentenced today in U.S. District Court in Seattle to time served and 5 years of probation including location and computer monitoring for seven federal crimes connected to her scheme to hack into cloud computer data storage accounts and steal data and computer power for her own benefit, announced U.S. Attorney Nick Brown. Paige A. Thompson a/k/a ‘erratic,’ was arrested in July 2019, after Capital One alerted the FBI to Thompson’s hacking activity. A federal jury found her guilty in June 2022, following a seven-day trial. At the sentencing hearing U.S. District Judge Robert S. Lasnik said, time in prison would be particularly difficult for Ms. Thompson because of her mental health and transgender status.
“While we understand the mitigating factors, we are very disappointed with the court’s sentencing decision. This is not what justice looks like,” said U.S. Attorney Nick Brown. “Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction.”
Thompson was found guilty of wire fraud, five counts of unauthorized access to a protected computer and damaging a protected computer.
Using Thompson’s own words in texts and online chats, prosecutors showed how Thompson used a tool she built to scan Amazon Web Services accounts to look for misconfigured accounts. She then used those misconfigured accounts to hack in and download the data of more than 30 entities, including Capital One bank. With some of her illegal access, she planted cryptocurrency mining software on new servers with the income from the mining going to her online wallet. Thompson spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums.
Asking the court to impose a seven-year sentence, prosecutors wrote in their sentencing memo, “…Thompson’s crimes … were fully intentional and grounded in spite, revenge, and willful disregard for the law. She exhibited a smug sense of superiority and outright glee while committing these crimes…. Thompson was motivated to make money at other people’s expense, to prove she was smarter than the people she hacked, and to earn bragging rights in the hacking community.”
“I am proud of how quickly our cyber task force worked together to recover the victims’ personal information and prevent further harm,” said Richard A. Collodi, Special Agent in Charge of the FBI Seattle Field Office. “This case is a good example of why companies and individuals who believe their data has been stolen online should immediately contact the FBI.”
Judge Lasnik scheduled a December 1, 2022, hearing to determine the amount of restitution Thompson must pay to her victims.
The case was investigated by the FBI Seattle Cyber Task Force. The case is being prosecuted by Assistant United States Attorneys Andrew Friedman, Jessica Manca and Tania Culbertson.