A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people.
U.S. District Judge Robert Lasnik sentenced Thompson to time served, plus five years of supervised release with three years of home confinement, and 250 hours of community service. The judge also maintained the original $40.7 million restitution order.
The resentencing, issued last week, follows a Ninth Circuit Court of Appeals decision that vacated Thompson’s original 2022 sentence after prosecutors appealed the original sentence as too lenient.
Lasnik acknowledged his “poor job of articulating the reasons” for the original sentence but maintained that imprisonment would be “greater-than-necessary punishment” after analyzing all legally required sentencing factors.
The court determined that Thompson’s three years under supervision since the original sentencing demonstrated that non-custodial punishment adequately “reflects the seriousness of the offense, promotes respect for the law, provides just punishment, affords adequate specific deterrence, and protects the public.”
Thompson, now 39, was convicted of wire fraud and computer intrusions after exploiting vulnerabilities in Capital One’s cloud computing systems. The breach affected approximately 106 million Americans, with damages estimated at over $40 million.
In weighing factors that justified a significant downward departure from federal sentencing guidelines of 135-168 months, Lasnik cited Thompson’s mental health challenges, gender transition difficulties, acceptance of responsibility, and poor performance but ultimate compliance on probation.
The court also expressed concerns about the current administration’s executive order regarding transgender inmates in federal prisons, noting uncertainty about whether Thompson would receive appropriate medical care while incarcerated.
“The Court cannot find that a term of imprisonment would meet the need for any sentence to provide the defendant with needed medical care, or other correctional treatment in the most effective manner,” Lasnik wrote.
Prosecutors had again recommended an 84-month prison term, arguing that home confinement failed to provide adequate general deterrence for similar crimes.
While acknowledging the Ninth Circuit’s determination that “a purely probationary sentence in this case does not meet the deterrence goal in sentencing,” Lasnik concluded that other factors outweighed general deterrence concerns in Thompson’s “unique case.”
The court highlighted that Thompson “committed this terrible crime in a situational way, not intending to cause tens of millions of dollars in damages” while unemployed and “extremely depressed.” The judge also noted that Thompson had not monetized the stolen data, had alerted someone who could notify Capital One, and had not reoffended in the three years since her original sentencing.
According to court documents, Thompson “will be living paycheck to paycheck until she reaches retirement age” due to the restitution order.
Neither the Western District of Washington, nor the federal public defender’s office, which represented Thompson, responded to CyberScoop’s request for comment.
You can read the re-sentencing order below.
The post Court reimposes original sentence for Capital One hacker appeared first on CyberScoop.
A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. U.S. District Judge Robert Lasnik sentenced Thompson to time served, plus five years of supervised release with three years of
The post Court reimposes original sentence for Capital One hacker appeared first on CyberScoop. Read MoreCyberScoop
