DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ninth Circuit Reverses Probation Sentence for Paige Thompson

Posted on March 21, 2025 by Dissent

Conor Brian Fitzpatrick (aka “Pompompurin” of Breached.vc) isn’t the only person to have their sentence vacated and remanded for re-sentencing this year.  Paige Thompson, who was responsible for the massive Capital One hack in 2019, will also be re-sentenced. Eugene Volokh writes:

A short excerpt from the 9,000-word U.S. v. Thompson, decided yesterday by Ninth Circuit Judge Danielle J. Forrest, joined by Judge Johnnie B. Rawlinson:

Paige Thompson committed the second largest data breach in United States history at the time, causing tens of millions of dollars in damage and emotional and reputational harm to numerous individuals and entities. The district court correctly calculated Thompson’s sentencing range under the Federal Sentencing Guidelines (the Guidelines) to be 168 to 210 months of imprisonment. It then granted a roughly 98% downward variance to time served (approximately 100 days) and five years of probation. Because the district court made clearly erroneous findings and did not properly weigh the 18 U.S.C. § 3553(a) sentencing factors, we conclude that the sentence it imposed is substantively unreasonable, and we vacate and remand for resentencing….

As in Fitzpatrick’s case, the judge had made a significant departure from federal sentencing guidelines in sentencing Thompson, which the appellate court found to be unreasonable. As Volokh writes:

The district court considered that Thompson is transgender, autistic, and has suffered prior trauma in her life. Thompson’s personal background and characteristics are, of course, proper considerations at sentencing, but they may not be the sole basis for the chosen sentence. And the district court also speculated that recent BOP policy changes about housing transgender inmates may be undone by a future presidential administration. Such speculation regarding BOP policy is improper, especially when it apparently carried the weight it did in this sentencing. {The BOP has since changed its policies regarding the incarceration of transgender persons. See Exec. Order No. 14,168 (Jan. 30, 2025). The district court may consider this non-hypothetical policy on remand, but, consistent with this opinion, it may not do so at the expense of a proper weighing of all the § 3553(a) factors.} …

As the district court explained, hacking is “not … a crime of passion that [just] happens.” Fraud crimes like those at issue here typically are calculated, and, as a result, are particularly amenable to general deterrence. But, while the district court acknowledged the Government’s argument that a low sentence would incentivize similar crimes, it does not appear that it gave this factor meaningful weight in selecting the sentence that it imposed. This was a clear error of judgment….

Read more at Reason.

h/t, Risky Biz News

Related posts:

  • Fourth Circuit hears oral arguments about the sentencing of Conor Brian Fitzpatrick (aka “Pompompurin”)
Category: Financial SectorHack

Post navigation

← Former University of Michigan Football Quarterbacks Coach and Co-Offensive Coordinator Indicted on Charges of Unauthorized Access to Computers and Aggravated Identity Theft
Hacktivists claim cyber-sabotage of 116 Iranian ships →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.