The culprit for one of the biggest data breaches in the United States (US) will get no jail time but instead was sentenced to five years of probation and time served from 2019.
US District Judge Robert S. Lasnik cited Paige Thompson's mental health and transgender status as the particular reasons why the hacker was let off easy, MarketWatch writes.
The Sentencing Was DOJ's Risk Management Strategy
Thompson, a former Amazon software engineer, was sentenced to time served with five years probation for charges including computing monitoring and seven other federal crimes.
In 2019, the tech worker from Seattle was arrested for her connection to the massive data breach that resulted in millions of personal information stolen.
Fox News states that the 2019 data breach warranted a guilty verdict in June 2022 as Thompson was found responsible for downloading 120,000 social security numbers and roughly 77,000 bank account numbers.
During her sentencing hearing on Tuesday for a couple of charges, Judge Lasnik said that as a trans woman, Thompson's widely recognized medical, mental, and physical risks could cause her to struggle in prison.
However, US Attorney Nick Brown said that turning a 20-year sentence to prison for wire fraud into mere probation was disappointing and "not what justice looks like," as per the report.
Prosecutors Denounce The Weight Of The Sentence
The hacking which affected Capital One was a violation of the Computer Fraud and Abuse Act, and was executed through a software tool Thompson built via Amazon Web Services, Seattle Times reports.
Through misconfigured accounts, the bank's internal system allowed Thompson's access and requests, exploiting the information to try collecting money from companies with vulnerable systems, Gizmodo claims.
Fox News also reports that Federal prosecutors have found that the software Thompson planted on the servers was accessed illegally to steal computing power and mine cryptocurrency.
During the trial, Thompson argued that the purpose of the hacking was to collect the bounty for spotting vulnerable systems.
The 37-year-old woman said that the money would be used as payments for "white hat" hackers, who try to mend companies' online defenses, Seattle Times reports.
According to Market Watch, Thompson's attorney even argued at the trial that there was never an intention to profit from the data breach.
Additionally, her court papers said that no credible or direct evidence could be found that links Thompson to the misuse of a single person's identity.
With this, the jury found her not guilty as it was believed that it was not her intention to commit fraud by stealing personal information that was downloaded on her computer.
According to the Seattle Times, a friend who advocates for Thompson also vouched that there was no malicious intent behind the action.
The individual said that the hacker only saw a situation where there was a financial system with valuable information left unregarded and not secure by officials who were supposed to be responsible for it.
Because of this neglect, CNet reports that Capital One agreed to pay a settlement worth $190 million for the victims of the fraud and $80 million for the federal bank as a fine for failing to protect sensitive data.
The Seattle Times said that there would be a hearing to determine the restitution amount for Thompson to pay scheduled on December 1 in connection to other counts of fraud.
Related Article: Optus Confirms Data Breach; 2.1 Million Government ID Numbers are Exposed