Thompson, who was 33 years old at the time of the breach, stole the personal information of more than 100 million Capital One customers. This information included Social Security numbers and bank account numbers. Thompson bragged about her unauthorized exfiltration of this data on GitHub. Online chat logs show that she considered sharing the stolen information with a scammer and planned to publish the data while exposing her involvement. A woman in contact with the perpetrator suggested that Thompson turn herself in to law enforcement, but, after a month of inaction on the part of Thompson, the woman informed Capital One of the breach.
Now, three years after the breach, a Seattle jury has found Thompson guilty of violating the Computer Fraud and Abuse Act. More specifically, the jury declared her guilty on five counts of gaining unauthorized access to a protected computer and damaging a protected computer, as well as wire fraud. However, the jury found Thompson not guilty of access device fraud and aggravated identity theft.
Thompson’s sentence is yet to be decided, but unauthorized access to a protected computer and damaging a protected computer are punishable by up to five years in prison, and wire fraud is punishable by up to twenty years in prison, so Thompson could have a long sentence ahead of her.
Top image courtesy of Wikipedia user Tdorante10