Skip to main content 
In March 2019, the banking company Capital One would fall victim to one of the largest financial security breaches in United States history. According to the report, a hacker was able to access the personal information of over 100 million Capital One customers and applicants while going undetected by the bank for approximately four months until it was made public in July 2019. Below is everything you need to know about the Capital One data breach, the settlement, how to find out if you're eligible for compensation, how much you could receive, and the deadline for filing a claim.
What Happened in the 2019 Data Breach?
According to Capital One, former engineer and Amazon cloud employee Paige Thompson illegally accessed the personal information of Capital One customers. This breached private information included details of credit card applications for private and small-business accounts dating between 2005 and early 2019. The Department of Justice (DOJ) stated in a release, "With some of her illegal access, Thompson embedded a cryptocurrency mining software on new servers with the income from the mining going to her online wallet." The DOJ also mentioned that she used an alias to boast on social media and other online forums about how she masterminded the attack.
The FB ultimately arrested Thompson in connection with the case. Then in June, she was convicted of wire fraud, unauthorized access, and damages to a protected computer. Currently, Thompson is scheduled to receive her sentencing on September 15, 2022. However, Thompson was not the only one held liable for the breach. In addition to the $180 million class action lawsuit, the bank was fined $80 million and has agreed to enhance its cloud security standards after it was discovered to have inadequate security and that it could have prevented the breach in the first place. Capital One said they were able to fix their servers' vulnerabilities once they caught wind of the breach and will continue to monitor their security systems closely to avoid another hack.
What Was Exposed During the Breach?
According to Capital One, roughly 140,000 Social Security numbers and 80,000 US bank account numbers, birth dates, addresses, phone numbers, credit balances, scores, and transactions were exposed. The banking company also reported that an additional 1 million Canadian credit card customers and applicants had their Social Insurance Numbers stolen during the hack. However, there were no reports of login information or credit card account numbers obtained by Thompson.
Who Is Eligible for Compensation?
According to Capital One, roughly 98 million applicants and cardholders are eligible to file a valid claim against the company. Capital One has also taken steps to help those potential victims identify if they are at risk by sending out letters and emails to those whose Social Security numbers or bank account numbers were exposed in the hack in the United States, as well as their Canadian customers. However, in the case that you did not receive notice about your Capital One account but have noticed unusual or suspicious activity on your credit card, contact the company to see if you need to file a claim.
How Much Compensation Could I Receive From the Settlement?
A judge has given the preliminary approval for the settlement amount of $180 million. However, a final approval hearing is still pending after initially being slated for August 19 but now moved to September 8. Checks could be sent out soon after the settlement receives final approval, pending there are no appeals. As for how much you may be eligible for, those class members affected by the breach may be eligible to collect up to $25,000 in cash for lost time and out-of-pocket expenditures relating to the breach, including but not limited to:
- Fraud charges
- Preventative identity theft services fees
- Professional data security services fees
Those filing are able to claim up to 15 hours of lost time spent handling issues related to the data breach at a rate of at least $25 per hour. The settlement will also provide three years of free identity protection services through the Pango Group, which includes:
- Identity monitoring
- Lost wallet protection
- Dark-web monitoring
- Account restoration
- Security freeze capabilities
The identity protection services will also cover up to $1 million in identity theft and fraud insurance.
How Can I File a Claim?
In order to file a claim, you will need to head over to the Capital One data breach site and fill out their online forms or follow the instructions for a mail-in claim. The deadline to submit your claims has been pushed from August 22 to September 30, 2022. However, the deadline for exclusion from the settlement in order to retain the right to pursue separate legal action was July 7, 2022. For more information about the Capital One data breach and to learn more about how you may be eligible for compensation, you can contact Morgan & Morgan today by filling out our free, no-obligation case evaluation form.