Former Seattle tech worker convicted of wire fraud after 2019 Capital One data breach

A verdict has been reached in the case of Paige Thompson, the former Seattle software engineer arrested in 2019 for computer fraud and abuse of the Capital One Financial Corporation’s stored data that affected more than 100 million people.

Thompson was found guilty Friday of wire fraud, five counts of unauthorized access to a protected computer and damaging a protected computer, according to the office of Nick Brown, U.S. Attorney for the Western District of Washington.

The jury found Thompson not guilty of access device fraud and aggravated identity theft.

Wire fraud is punishable by up to 20 years in prison, while illegally accessing a protected computer and damaging a protected computer are each punishable by up to five years in prison.

Thompson is scheduled for sentencing on Sept. 15.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said Brown. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”

According to a criminal complaint, in 2019, Thompson posted about her theft of information from Capital One servers on the information sharing site GitHub.

On July 17, 2019, a GitHub user alerted Capital One that it had possibly suffered a data theft.

Federal investigators determined the posts were tied to Thompson just two days later and served a search warrant at her home, according to the U.S. Attorney’s Office.

“We didn’t know what she was doing,” said Thompson’s Beacon Hill housemate in an interview with KIRO 7 in 2019, who did not want to be publicly identified. “You’re still stealing from somebody.”

Officials said they seized electronic storage devices where copies of the data had been stored.

“She didn’t want to come out — she was like ‘why are you here?’” said Thompson’s roommate. “Her Twitter handle is very fitting — you’ve seen it, ‘erratic.’ That’s pretty much the best way to describe her.”

At the time, Capital One said the event “affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”

“Capital One quickly alerted law enforcement to the data theft, allowing the FBI to trace the intrusion,” Brian T. Moran, then-U.S. Attorney for the Western District of Washington, said in a statement at the time. “I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it.”

In the wake of the event, Capital One was fined $80 million and settled customer lawsuits for $190 million, according to the U.S. Attorney’s Office.