Feds File New Charges For Amazon Employee That Leveraged Server Access To Hack Capital One

The federal government has filed a superseding indictment against Paige Thompson, the accused hacker and former Amazon employee who now stands charged of breaking into Capital One accounts and stealing the personal data of some 100 million of the company’s customers.

Emily Langlie, communications director for the U.S. Attorney’s Office in Seattle, said the government added eight new charges on top of the two originally filed in August 2019. It also upped the number of victimized companies from four to eight.

News of the superseding indictment was first published in The Record, which reported that Thompson used the knowledge she gained as an Amazon employee along with scripts to scan for Amazon Web Service servers where web application firewalls had been misconfigured.

The indictment said Thompson accessed these systems and downloaded data onto a server she kept at home. She’s also alleged to have used cryptominer software on some of the misconfigured servers to generate profits for herself.

The new charges, based on analysis done the past several months on data seized from Thompson’s computers and servers, are as follows: six counts of computer fraud and abuse, one count of access device fraud, and one count of aggravated identity theft. Based on the new charges, Thompson faces up to 20 years in prison, a marked increase from the five years she faced from the original charges.

Thompson pleaded not guilty in August 2019 and was released on pre-trial bond. The trial was delayed several times for two main reasons: the pandemic, and the large amount of evidence federal prosecutors had to analyze. The new trial has been set for March 14, 2022.