Hacker Gets Probation for Massive Capital One Data Breach

The hacker responsible for the massive 2019 data breach of Capital One has been sentenced to time served and five years of probation.

US District Judge Robert S. Lasnik said that sentencing former Amazon systems engineer Paige Thompson to time in prison would've been "particularly difficult on her because of her mental health and transgender status," the Department of Justice said in a statement.

US Attorney Nick Brown said in a statement that he was "very disappointed" with the sentencing decision. "This is not what justice looks like," he said. Thompson had faced up to 20 years in prison for wire fraud, but prosecutors instead had sought a seven-year sentence.

The hack, one of the largest-ever breaches of a financial services company, affected more than 100 million US customers and involved the theft of sensitive data including Social Security and bank account numbers. In addition to downloading data, Thompson planted cryptocurrency mining software on servers and directed crypto to her online wallet, the Justice Department said.

"Ms. Thompson's hacking and theft of information of 100 million people did more than $250 million in damage to companies and individuals," Brown said. "Her cybercrimes created anxiety for millions of people who are justifiably concerned about their private information. This conduct deserves a more significant sanction."

Thompson, 37, was found guilty in June of wire fraud, unauthorized access to a protected computer and damaging a protected computer. She was acquitted on charges of aggravated identity theft and access device fraud.

Capital One agreed last year to pay $190 million to settle a class-action lawsuit filed by customers. In 2020, Capital One agreed to pay $80 million to settle claims by federal bank regulators that it failed to protect the data.

A hearing is scheduled for Dec. 1 to determine the amount of restitution Thompson must pay to her victims.