SEATTLE — The former Seattle tech worker responsible for hacking activity that impacted millions of people in 2019 was sentenced Tuesday to time served and five years of probation.
Paige Thompson, 37, was convicted of wire fraud and five counts of unauthorized access to a protected computer and damaging a protected computer in June.
Prosecutors asked the court to impose a seven-year sentence. However, at the sentencing hearing, U.S. District Judge Robert Lasnik said time in prison would be difficult because of her mental health and because she is transgender, according to information from the U.S. Attorney's Office.
“While we understand the mitigating factors, we are very disappointed with the court’s sentencing decision. This is not what justice looks like,” said U.S. Attorney Nick Brown. “Ms. Thompson’s hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals. Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction.”
Thompson used a tool that she built to scan Amazon Web Services accounts and search for misconfigured accounts. She then used those accounts to hack into 30 entities, including Capital One, according to the U.S. Attorney’s Office. The hack impacted more than 100 million U.S. Capital One customers. At the time, Capital One said the compromised information included 140,000 Social Security numbers and 80,000 bank account numbers. It is among the largest breaches on record involving a major U.S. financial institution.
Prosecutors said Thompson planted cryptocurrency mining software on new servers and pocketed the income from mining.
Thompson also “bragged” about her exploits on online forums and in texts, according to the U.S. Attorney’s Office.
A hearing is scheduled for Dec. 1 to determine the amount of restitution Thompson will have to pay victims.