in Newswire Published on August 5, 2019

Capital One Data Breach Subject of Growing Number of Lawsuits

by Erin Shaak

View Comments

Dames v. Capital One Financial Corporation et al

Filed: August 2, 2019 § 1:19cv1010

Read Complaint

Another proposed class action lawsuit has been added to the slew of ongoing litigation against Capital One over a recent data breach that reportedly affected over 100 million credit card applicants.

Defendant(s)

Capital One Bank USA, N.A. Capital One, N.A. Capital One Financial Corporation

Law(s)

State(s)

Virginia

Categories

Privacy Data Breach

Another proposed class action lawsuit has been added to the slew of ongoing litigation against Capital One over a recent data breach that reportedly affected over 100 million credit card applicants. Filed in Virginia federal court, the lawsuit claims Capital One Financial Corporation, Capital One, N.A., and Capital One Bank (USA), N.A. failed to properly safeguard customers’ private information in the lead up to “one of the largest data thefts from a financial institution in history.”

According to the lawsuit, Capital One built a custom web application hosted by Amazon Web Services that, due to a “misconfiguration,” was accessed by a programmer in March 2019. As a result, the case says, proposed class members’ names, addresses, contact information, dates of birth, self-reported income, credit information, Social Security numbers, and bank account numbers were collected by the hacker and posted on her GitHub account, “allowing other unauthorized users to access and exploit” their private information.

The lawsuit argues that the defendants’ alleged failure to maintain proper cybersecurity measures allowed for 140,000 Social Security numbers and 80,000 bank account numbers to be compromised. Further, Capital One, the suit says, failed to detect and disclose the breach for four months, and waited until July 29, 2019 to announce the security incident. From the complaint:

“In addition to Defendants’ failure to adequately implement, test and maintain reasonable cyber-security measures to protect against the wrongful disclosure or compromise of the PII, Defendants failed to timely detect and notify Plaintiff and Class members of the Data Breach in violation of their duties and applicable state data protection laws.”

The lawsuit seeks to certify both a nationwide class of individuals whose private information was compromised in the breach and a class of Missouri residents. The suit additionally looks to certify two subclasses—nationwide and, alternatively, those in Missouri—of people whose information was compromised in the breach after they entered into a credit card agreement with Capital One.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on August 5, 2019 — 2:27 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.