Skip to main content

Lawsuit over Capital One data breach could eventually get you sweet revenge

If you were affected by the massive Capital One data breach, you might be entitled to cash down the line thanks to a new class-action lawsuit being filed against the company.

The Miami-based law firm Colson Hicks Eidson filed a class-action lawsuit Tuesday against Capital One Financial Corporation “for negligence in failing to safeguard consumers’ personal information” in the recent data breach that impacted 100 million consumers. It’s not clear what will come with the lawsuit down the line, but a massive settlement could be seen as a significant deterrent against companies that don’t do enough to safeguard personal data. And it could net you a couple of bucks — if you were affected. 

Related Videos

“Capital One was reckless and completely disregarded the rights of consumers by failing to implement and maintain adequate data security measures and therefore exposed information to criminals for misuse,” said Lewis S. Mike Eidson, co-counsel for the plaintiffs. “Through this lawsuit, we hope to prevent a re-occurrence of a similar data breach, which has caused tremendous grief and compromised the financial standing and credit scores for so many.”   

If you missed the story of the breach, the short version is that thanks to a faulty firewall, a hacker was able to gain access to the bank’s cloud repository in March of 2019. That hacker collected the personal information from roughly 100 million Capital One customers’ credit card applications, authorities said. The hacker then allegedly posted information about the breach their GitHub account in the middle of April, making it potentially available to others who could use it in nefarious ways.

The alleged hacker, Paige A. Thompson was arrested in July for the hack. She previously worked for Amazon Web Services (AWS) which handles Capital One’s cloud database.

At the time of the announcement of the hack, Capital One said that it is unlikely that the information was used for fraud or disseminated by this individual,” but it had plans to continue to investigate.

Despite that timeline, Capital One did not alert its customers of the breach until July 29, 2019. The information in question was also still available online until at least July 17, 2019 when the bank was notified by an anonymous tipster.

If you’re worried that you were affected by the hack — and there’s a good chance you were, considering how big it was — there are a number of steps you can take to protect yourself.

Capital One has said that it will be notifying those impacted by the hack “through a variety of channels.” We reached out to the company for comment on the class-action lawsuit, and will update this story if we heard back. 

The lawsuit was filed in Federal Court in the Eastern District of Virginia on behalf of plaintiffs Maria de Lourdes Tester and Tracy Elizabeth Masi.

Editors' Recommendations

Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more
This vaccine passport app data breach is a cautionary tale
Man frustrated at computer.

A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.

After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.

Read more