The Department of Justice announced today that a federal Grand Jury has indicted software developer Paige Thompson in two cases related to Capital One's infringement involving over 100 million customers. The indictment provides for sentences of up to 25 years in prison. Thompson is being tried on Sept. 5 in the US District Court in Seattle.
Thompson allegedly created software that allowed her to see which customers of a cloud computing company (the charge is not named by the corporation, but was identified as such) Amazon Web Services) had their firewalls misconfigured and on data from Capital One and more than 30 other companies accessed.
Much of the information in today's indictment has been included in the criminal complaint filed with the FBI in July. The indictment, however, adds the new claim that Thompson used the cloud servers that she allegedly used for crypto-jacking. Although Thompson had already referred to cryptojacking or the theft of another's computing power in Slack messages reported by Forbes, today's indictment contains no new evidence as to why the Department of Justice makes these allegations.
Research has shown that crypto-thefts may be on the rise, partly because there are no adequate safeguards in many organizations.
In its statement, the Department of Justice stated that it had identified some of the victims of the data breach, including a government agency, and a public research university outside of the state of Washington and a telecommunications conglomerate outside the US. The indictment did not mention the victims, but security firm CyberInt said Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation could be victims. The data breach also included 1