Capital One to Pay $190 Million for Data Breach, Check If You Are Eligible for a Rebate

Capital One data breach settlement

Capital One to Pay $190 Million for 2019 Data Breach

Update 2: Prospective class members initially had until August 22 to file a claim. But that deadline has now been extended to the end of September.

Update 1: This settlement has been approved and you can now file a claim if you are eligible. The Court has not decided the case in favor of Plaintiffs or Defendants. No court or other judicial entity has made any judgment or other final determination of any liability by Capital One or Amazon in this case. Instead, both sides agreed to a settlement after a lengthy mediation process overseen by a neutral mediator.

Who is Eligible?

You are a Settlement Class Member if you are among the approximately 98 million U.S. residents identified by Capital One whose information was accessed in the Capital One Data Breach. If you received a notice, you are likely a member of the Settlement Class. You can also confirm you are a Settlement Class Member, and eligible for benefits, by calling 1-855-604-1811 (Toll-Free).

Most eligible members have received a Notice that contains a Unique ID and a PIN required to file a Claim Form, Here. If you misplaced your Notice or you’re unsure if you are included, you may call 1-855-604-1811 or contact the Settlement Administrator at .

Settlement Payout

Capital One will pay $190,000,000 into a Settlement Fund. The Settlement Fund will be used to:

  • Make cash payments for Out-of-Pocket Losses and Lost Time
  • Purchase Identity Defense Services (see FAQ 9);
  • Purchase Restoration Services for all Settlement Class Members, regardless of whether they make a claim
  • Pay the costs of notifying Settlement Class Members and administering the Settlement;
  • Pay service awards to Settlement Class Representatives and any other Settlement Class Member who was deposed in the action, as approved by the Court 
  • Pay attorneys’ fees, costs, and expenses, as approved by the Court 

Out-of-Pocket Losses

Payment for Unreimbursed Out-of-Pocket Losses: If you spent money to deal with fraud or identity theft that you believe was fairly traceable to the Data Breach or to protect yourself from future harm as a result of the Data Breach, then you can submit a claim for reimbursement up to $25,000 (including your claim for Lost Time). Out-of-Pocket Losses that are eligible for reimbursement may include, without limitation, the following:

  • Money spent on or after March 22, 2019, associated with placing or removing a security freeze on your credit report with any credit reporting agency;
  • Money spent on credit monitoring or identity theft protection on or after March 22, 2019;
  • Unreimbursed costs, expenses, losses or charges you paid on or after March 22, 2019, because of identity theft or identity fraud, falsified tax returns, or other alleged misuse of your personal information that you believe was fairly traceable to the Data Breach;
  • Other miscellaneous expenses related to any Out-Of-Pocket Loss that you believe were fairly traceable to the Data Breach such as notary, fax, postage, copying, mileage, and long-distance telephone charges; and
  • Professional fees incurred in connection with addressing identity theft, fraud, or falsified tax returns that you believe was fairly traceable to the Data Breach.
  • This list provides examples only, and other losses or costs that you believe are fairly traceable to the Data Breach may also be eligible for reimbursement.

To claim reimbursement for Out-of-Pocket Losses, you must also provide “Reasonable Documentation.” Reasonable Documentation means documentation supporting your claim, including, but not limited to credit card statements, bank statements, invoices, telephone records, and receipts. Personal certifications, declarations, or affidavits from the claimant do not constitute Reasonable Documentation but may be included to provide clarification, context or support for other submitted Reasonable Documentation.

Settlement Benefit: Cash Payment for Lost Time: If you spent time (i) remedying fraud, identity theft, or other alleged misuse of your personal information that you believe is fairly traceable to the Data Breach, or (ii) taking preventative measures (time placing or removing security freezes on your credit report, or purchasing credit monitoring or identity protection) on or after March 22, 2019, then you may make a claim for reimbursement for Lost Time at a Reimbursement Rate of the greater of $25 per hour or, if you took time off work, your documented hourly wage.

For Lost Time related to qualifying Out-of-Pocket Losses, you may receive reimbursement for up to 15 hours at your Reimbursement Rate. For Lost Time not related to qualifying Out-of-Pocket Losses (“Self-Certified Time”), you may receive reimbursement for up to 5 hours at the Reimbursement Rate. To make a claim for Lost Time, you must provide a description of (i) the actions taken in response to the Data Breach in dealing with misuse of your information or taking preventative measures and (ii) the time associated with those actions. You must certify that the description is truthful. Valid claims for Lost Time will be reimbursed in 15-minute increments.

The deadline to file a claim for Lost Time is August 22 September 30, 2022.

Related: See All Settlement Rebates Here

Original article (Dec. 27, 2021) – Capital One has agreed to pay a total of $190 million to settle a class-action lawsuit filed by customers for a 2019 data breach that exposed personal data of about 98 million people.

The hacker was Paige Thompson, who was a software engineer at Amazon Web Services and exploited a vulnerability to access its systems. She was arrested and charged with one count of computer fraud and abuse. In court, attorneys for Thompson contend she sought a bounty payment from Capital One after identifying a vulnerability in their system. Such payments to “white hat” hackers are not uncommon. When Capital One did not pay, Thompson posted code related to the vulnerability online and copied personal information of more than 100 million people.

The settlement would cover 98 million customers in the United States who were affected by the breach, which was one of the largest data thefts from a bank. Capital One has set aside funds for the settlement and is investing in its cybersecurity program under new leadership, it said in a statement as reported by NYT.

“While Capital One and AWS deny all liability, in the interest of avoiding the time, expense and uncertainty of continued litigation, plaintiffs and Capital One have executed a term sheet containing the essential terms of a class settlement that, if approved by this court, will fully resolve all claims brought by plaintiffs,” the companies said in a filing with the U.S. District Court for the Eastern District of Virginia.

Related: Read all news about lawsuits and settlements

Settlement Details

6 thoughts on “Capital One to Pay $190 Million for Data Breach, Check If You Are Eligible for a Rebate

  1. I learned that new credit card was opened in my name. I have no knowledge of it and i never applied myself. It has to be because of what capital one did. i never had this problem before. Where do I file claim or contact a lawyer?

    • The link to file a claim is in the article. You need to have a Unique ID and a PIN. If you don’t have that information but think that you are eligible, you can call 1-855-604-1811 or contact the Settlement Administrator at .

  2. I received the letter months ago but I have misplacedd it. Please add me to the claim. How much will I receive?

    Thank you.


  3. if they have all the info for who is eligible, why don’t they just sent out payments to everyone? why do we need to file a claim?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.