Just as Amazon stores millions of physical goods in a staggering number of warehouses, Amazon Web Services hosts massive amounts of data for other companies that rent space on its servers. Among his clients was Capital One.
In early 2019, several years after she retired from working for Amazon Web Services, Ms. Thompson looked for her clients who had not set up firewalls to protect their data. “Thompson has scanned tens of millions of AWS customers looking for vulnerabilities,” Mr Brown wrote in a legal filing. In March, she had discovered a vulnerability that allowed her to download data from Capital One, the prosecutor added.
In June 2019, Ms. Thompson messaged a woman online, revealing what she had found, legal documents said. Ms Thompson added that she had considered sharing the data with a scammer and said she would publicly disclose her involvement in the breach.
“I actually strapped myself with a bomb vest,” Ms. Thompson said in copies of the online chat included in the court records, referring to her plan to release the data publicly and expose herself.
The woman suggested that Mrs. Thompson would turn himself in to authorities, prosecutors said. A month later, the woman contacted Capital One and told the bank about the breach. Capital One notified law enforcement and Ms. Thompson was arrested in late July 2019. If convicted, she could face more than 30 years in prison.
“The snapshots submitted by the government are an incomplete and inaccurate picture of a life more honestly described as a life of survival and resilience,” wrote Mohammad Ali Hamoudi, a lawyer representing Ms. Thompson, and other members of her legal team. team in a file. Ms. Thompson had sought psychological help, they added, demonstrating her determination to cope with her problems.
In 2020, Capital One Agreed to Pay $80 million to settle claims by federal banking regulators that it lacked the security protocols necessary to protect customers’ data. The settlement also required the bank to act quickly to improve its security. In December, Capital One agreed to pay $190 million to people whose data was exposed during the breach, and settle a class-action lawsuit.