Capital One to Pay $190 Million for 2019 Data Breach

Capital One data breach settlement

Capital One to Pay $190 Million for 2019 Data Breach

Capital One has agreed to pay a total of $190 million to settle a class-action lawsuit filed by customers for a 2019 data breach that exposed personal data of more than a 100 million people.

The hacker was Paige Thompson, who was a software engineer at Amazon Web Services and exploited a vulnerability to access its systems. She was arrested and charged with one count of computer fraud and abuse. In court, attorneys for Thompson contend she sought a bounty payment from Capital One after identifying a vulnerability in their system. Such payments to “white hat” hackers are not uncommon. When Capital One did not pay, Thompson posted code related to the vulnerability online and copied personal information of more than 100 million people.

The settlement would cover 98 million customers in the United States who were affected by the breach, which was one of the largest data thefts from a bank. Capital One has set aside funds for the settlement and is investing in its cybersecurity program under new leadership, it said in a statement as reported by NYT.

“While Capital One and AWS deny all liability, in the interest of avoiding the time, expense and uncertainty of continued litigation, plaintiffs and Capital One have executed a term sheet containing the essential terms of a class settlement that, if approved by this court, will fully resolve all claims brought by plaintiffs,” the companies said in a filing with the U.S. District Court for the Eastern District of Virginia.

2 thoughts on “Capital One to Pay $190 Million for 2019 Data Breach

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.