Capital One Data Breach Adds to the Long List of Recent Attacks on Consumer’s Identity Information

Capital One acknowledged that on July 19, 2019 a hacker compromised personal information of more than 100 million people – making this the largest theft of data from a bank. The hacker, Paige Thompson, was a former Amazon software engineer who used her knowledge of Capital One’s system to circumvent their firewall protection and extract the customer data. The hacker took control of credit card applications that contained personal information such as names, addresses, zip codes, e-mail addresses, phone numbers, and dates of birth. For some consumers, the hacker obtained portions of credit card customer data, credit scores, credit limits, payment history, and transaction data. Capital One has fixed the vulnerability in its system and is continuing its investigation alongside the FBI.

This comes in a long line of security breaches that have unfortunately become the norm in today’s society. The bad news is that these hacks are likely to continue as hackers stay one step ahead of the cybersecurity analysts tasked with preventing these types of attacks. Until last week, there was little guidance on what monetary relief was available to consumers. But after the monumental Equifax settlement, some argue that the bar has been set for payouts and settlements for future companies hit with data breaches. (Check out our blog on the Equifax settlement here). What we can expect from Capital One is probably similar to Equifax’s settlement: free credit repair, free credit monitoring, and possibly reimbursement for consumer time spent monitoring/addressing the data breach as it affected their lives.

The reason companies like Capital One settle and offer these remedies so quickly is because they clearly have exposure for the security failures and vulnerabilities leading to these hacks. How much blame courts would heap on to these companies is yet to be seen because most of these cases end in confidential settlement. As a result, out of the many data breaches we only learn payout numbers on a select few cases. Moving forward, we are likely to see legislators and the Federal Trade Commission take more steps to bulk up security requirements for companies housing consumer’s sensitive data.

Capital One will be notifying all consumers affected by the breach and is instructing consumers to diligently monitor their credit score, their credit card bills, and document everything during this time.