Simply as Amazon retail outlets tens of millions of bodily items in a dizzying array of warehouses, Amazon Internet Services and products hosts huge quantities of knowledge for different firms that hire area on its servers. Amongst its shoppers used to be Capital One.
In early 2019, a number of years after she stopped operating for Amazon Internet Services and products, Ms. Thompson looked for its shoppers who had no longer correctly arrange firewalls to offer protection to their information. “Thompson scanned tens of tens of millions of AWS shoppers on the lookout for vulnerabilities,” Mr. Brown wrote in a criminal submitting. By way of March, she had came upon a vulnerability that allowed her to obtain information from Capital One, the prosecutor added.
In June 2019, Ms. Thompson despatched on-line messages to a girl and disclosed what she had discovered, criminal filings mentioned. Ms. Thompson added she had regarded as sharing the information with a scammer, and mentioned she would publicly expose her involvement within the breach.
“I’ve mainly strapped myself with a bomb vest,” Ms. Thompson mentioned in copies of the web chat that have been incorporated in courtroom information, regarding her plan to publicly unencumber the information and divulge herself.
The girl advised that Ms. Thompson flip herself in to the government, prosecutors mentioned. A month later, the lady contacted Capital One and advised the financial institution in regards to the breach. Capital One knowledgeable police officers, and Ms. Thompson used to be arrested in overdue July 2019. If convicted, she may face greater than 30 years in jail.
“The snapshots submitted by way of the federal government are an incomplete and misguided portrayal of a lifestyles extra rather described as one in every of survival and resilience,” Mohammad Ali Hamoudi, a attorney representing Ms. Thompson, and different participants of her criminal crew wrote in a submitting. Ms. Thompson had sought psychological well being remedy, they added, demonstrating her get to the bottom of to confront her issues.
In 2020, Capital One agreed to pay $80 million to settle claims from federal financial institution regulators that it lacked the protection protocols wanted to offer protection to shoppers’ information. The agreement additionally required the financial institution to paintings briefly to toughen its safety. In December, Capital One agreed to pay $190 million to other folks whose information were uncovered within the breach, settling a class-action lawsuit.
