Security News > 2022 > June > Capital One identity theft hacker finally gets convicted
Capital One Financial Corporation announced [] that on July 19, 2019, it determined there was unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.
As you will notice from the OCC's remarks above, the breach ultimately came down to poor cloud security, with data apparently exposed due to being shifted from a privately-controlled data store into the cloud.
The jury found her not guilty of access device fraud and aggravated identity theft.
She then used those misconfigured accounts to hack in and download the data of more than 30 entities, including Capital One bank.
In the DOJ's words, "Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself."
Even though Capital One ended up with an $80m fine in this case, the regulators did note that they "Positively considered the bank's customer notification and remediation efforts", meaning that things would almost certainly have been much worse if Capital One had tried to sweep things under the carpet.