Dark Clouds: Capital One Proves Financial Institutions Can’t Rely on Providers for Security


Going by the online handle “erratic,” a former Amazon software engineer conducted an extensive hacking scheme that gave her access to the personal information of tens of millions of Capital One customers, a Seattle jury determined this spring. She’s set to be sentenced this month, and compliance expert Michael Volkov explores the regulatory consequences of her case.

Paige Thompson, a former Amazon Web Services employee, was recently convicted of seven counts of fraud in U.S. District Court for stealing personal data of millions of people from unsecured accounts stored on the tech giant’s cloud service. Sentencing is scheduled for later this month.

Thompson used a tool she built to search for misconfigured AWS accounts and then used those accounts to break into the data of more than two dozen entities, including Capital One bank, which was fined $80 million and later settled customer lawsuits totaling nearly $200 million.

This incident is an important reminder for all financial institutions that are customers of cloud service providers (CSPs) that they need their own set of cloud security measures and cannot rely solely on the CSP for such security. In Capital One’s case, Thompson was able to gain unauthorized access to customer data, which included Social Security numbers and bank account…
