A federal judge in Seattle ordered Paige Thompson, a former Amazon employee accused of hacking Capital One and dozens of other companies, to remain in federal custody as her trial proceeds.
“You are highly talented and have the means and ability to create additional havoc in our banking system,” U.S. Magistrate Judge Michelle Peterson told Thompson after hearing arguments from government prosecutors and defense lawyers Friday during a detention hearing.
For much of the hearing, Thompson sat hunched over, holding her face in her hands. Dressed in a tan shirt and pants, she looked nervous at times and relaxed at others.
Thompson was arrested last month for allegedly hacking into Capital One’s databases and gaining access to approximately 140,000 Social Security numbers and 80,000 bank account numbers. Thompson also stole data from more than 30 more companies, schools, and other organizations, according to prosecutors.
The arguments on Friday revolved around whether Thompson is a risk of flight and a danger to the community. Peterson said Thompson presented a physical danger to herself and others, as well as a financial and economic threat. Peterson also said Thompson did not appear to have sufficient ties to the community, citing her lack of stable residence, a job, or extended family.
Prosecutors said Thompson should be detained as a flight risk due to mental health problems, a history of drug abuse, lack of stable employment and housing, and a lack of local family connections. Thompson has a long history of threatening behavior, both to herself and others, prosecutors say. Authorities previously said that Thompson threatened to “shoot up” an unidentified social media company.
— Ryan Harris KOMO (@RyanHarrisKOMO) August 23, 2019
“Threats like this resonate particularly in this day and age,” said assistant U.S. attorney Andrew Friedman. When searching Thompson’s home, agents seized large amounts of weapons, ammunition, and explosive material belonging to Park Quan, Thompson’s roommate and a convicted felon who was also arrested on July 29.
“Halfway houses provide support, but they are not secure facilities,” said Friedman.
Defense lawyers asked that Thompson, a transgender woman, be released to a halfway house on the grounds that it would give her better access to mental healthcare and gender-affirming treatment.
“We do not detain people without a criminal history, not even a speeding ticket,” as a flight risk, said Mohammad Hamoudi, a federal public defender who is representing Thompson.
Rough day. Erratic was just sent back to federal prison. In essence, the judge set an unusual new precedent: hackers are considered so dangerous to the the *economy* that they must be locked up.
— TProphet (@TProphet) August 23, 2019
Hamoudi also pushed back against the notion that Thompson lacks community ties. “Just because your blood family isn’t located somewhere doesn’t mean you don’t have community,” said Hamoudi. “Her mental health history deeply ties her to this community.”
In a letter to the court, ACLU attorney Chase Strangio wrote that “the conditions that many transgender women face in prison result in lifelong trauma, adverse health consequences, and at times, death.”
Thompson is currently being held at the SeaTac Federal Detention Center and has been placed in the male wing. She was under suicide watch when first arrested, but no longer is.
“The federal detention center is not equipped to treat gender dysphoria,” said Hamoudi.
Working under the online persona “Erratic,” Thompson earlier this year gained access to approximately 140,000 Social Security numbers and 80,000 bank account numbers through Capital One’s database, prosecutors say. The massive data breach impacted more than 100 million Capital One customers, but it was just one of many related hacks, according to court documents.
Thompson has told investigators that she did not sell or share the data. In a statement last month, Capital One said that it is “unlikely that the information was used for fraud or disseminated.”
Capital One is now the subject of several lawsuits and the breach is expected to cost the company between $100 and $150 million in 2019 alone. One lawsuit also targeted Amazon, alleging the company “did nothing to fix” a known vulnerability in the company’s cloud service that was allegedly exploited by the hacker.
Computer fraud and abuse is punishable by up to five years in prison and a $250,000 fine.