Hacker Sentenced to Probation, No Prison Time, for Data Breach Affecting 100 Million People

A former tech worker from Seattle who was convicted of multiple charges related to the massive hack of Capital One bank and other firms back in 2019 has been sentenced to five years of probation after pleading mental illness.

Thompson also planted cryptocurrency mining software on the hacked servers, collecting the income generated from such mining. Arrested in July 2019, Thompson was found guilty by a federal jury in June 2022 following a seven-day trial.

On Tuesday, U.S. District Judge Robert S. Lasnik sentenced Thompson to time served plus five years of probation, including location and computer monitoring.

During the sentencing, Lasnik noted that time in prison would be “particularly difficult” for Thompson due to being a biologically male transgender and having mental health issues.

U.S. Attorney Nick Brown said that he was “disappointed” with the court’s decision and insisted that this is not what “justice looks like.”

Thompson claimed that Thompson hacked multiple companies to spot any vulnerability in the systems of these firms and collect bounties—payments that are sometimes made to certain hackers who identify and correct vulnerabilities in networks.

The defense also argued that Thompson’s actions were legal since the breached systems continue to perform as expected.

However, prosecutors requested a seven-year prison sentence for Thompson, insisting that Thompson’s crimes were “fully intentional and grounded in spite, revenge, and willful disregard for the law.”

“She exhibited a smug sense of superiority and outright glee while committing these crimes,“ prosecutors wrote in the sentencing memo. ”Thompson was motivated to make money at other people’s expense, to prove she was smarter than the people she hacked, and to earn bragging rights in the hacking community.”

Lasnik scheduled a hearing on Dec. 1, 2022, to determine the amount of restitution Thompson must pay to the victims.