Accused Capital One hacker pleads not guilty to all charges

She faces up to 25 years in prison if convicted at trial.
People walk past a Capital One bank in New York's financial district. Paige Thompson, the former Amazon Web Services employee accused of stealing personal information from the bank, pleaded not guilty Thursday. (Reuters)

Paige Thompson has pleaded not guilty to all charges in connection with a data breach at Capital One that resulted in the compromise of information about roughly 106 million people.

Thompson appeared in Western District of Washington federal court on Thursday for the first time after she was arrested on July 29 on charges related to the Capital One hack.

A federal grand jury previously had indicted Thompson on two criminal counts, wire fraud and computer fraud and abuse, for which she could be sentenced to up to 25 years in prison if convicted. Upon being advised of her charges and pleading not guilty Thursday, Thompson was taken back into custody.

A jury trial is scheduled to begin Nov. 4.


Thompson, a software engineer, formerly worked for AWS, the cloud computing giant on which Capital One relies to store sensitive data. She allegedly built a customer scanning software that searched for cloud customers with misconfigured firewalls, a common oversight that could enable attackers to issue remote commands to customer servers then obtain personal data stored there.

Roughly 100 million of the people Capital One has said were affected by this breach were based in the U.S., and another 6 million in Canada. The hacker apparently obtained Capital One credit card applications, however the bank said it has no evidence the stolen data has been used for fraudulent purposes.

The government alleges Thompson also stole data from more than 30 other organizations in and outside of the U.S., though court filings have not named specific victims. AWS, in a letter to Sen. Ron Wyden, D-Ore., said it detected no “significant issues” related to this breach at other customers.

Federal attorneys from the Western District of Washington also say Thompson, upon breaching victim organizations, leveraged their computing power to mine for cryptocurrency, an activity known as cryptojacking.

Thompson’s defense attorney declined to comment Thursday. Court records from the arraignment were not immediately available.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts