Capital One to settle 2019 data breach class action lawsuit for $190 million
Capital One will pay $190 million to resolve claims it jeopardized customer information in a 2019 data breach.
The settlement benefits around 98 million Capital One customers whose information was compromised as part of the 2019 data breach.
Read more at TopClassActions.
This settlement is separate from the $80million penalty Capital One was fined in 2020 by the Office of the Comptroller of the Currency.
One of the significant aspects to this litigation is that the court ordered the bank to turn over Mandiant’s forensic investigation to plaintiffs, holding that it was not privileged. That decision has already resulted in lawyers for entities rewording their contracts for forensic investigations to make clear that the forensics is not routine scope of work but is being done for litigation defense purposes (which would put it back in the privileged work product framework, it seems).
And for those who didn’t follow the case closely at the time, the person allegedly responsible for the hack, Paige A. Thompson, aka “Erratic,” is a former Amazon Web Services (AWS) engineer. Thompson was quickly caught, in part, because she bragged on GitHub about a misconfigured web application that she found that enabled her to download Capital One’s data. In June, 2021, the government added more counts to a superseding indictment. The case is still ongoing, and it appears that the defense lost on its motion to dismiss Counts 2-8. On May 5, the defense tried again, submitting a motion to reconsider the order denying dismissal.
The Capital One attack is one of a number of attacks Thompson was allegedly responsible for.
Readers can find some past coverage of the developments in this case by searching this site for “Capital One” coverage beginning in 2019.
The settlement claim site can be found here.