Class Action Lawsuit Filed Against Capital One Following Breach Drew Wilson | July 31, 2019 It didn’t take long. A class action lawsuit has been filed against Capital One over the 100 million customer data breach. Yesterday, we brought you word that a large data breach took place at Capital One. In all, 100 million customers had been compromised. While it may not be a data breach that came in at the top 5 large data breaches, it’s still significant. The breach also garnered a fair bit of media attention from major news networks. Now, barely 24 hours after news broke, a class action lawsuit has been filed against Capital One. From Forbes: Following a massive data breach that compromised the personal information of more than 100 million people, Capital One has been hit with a class-action lawsuit. A complaint from the law firm of Morgan and Morgan was filed today with the United States District Court for the Eastern District of Virginia on behalf of the millions of consumers affected by the breach. The legal challenge alleges that Capital One failed to take “reasonable care” to secure sensitive information belonging to its customers. Capital One first disclosed the security breach on the evening of July 29, 2019. According to the company, personal information belonging to more than 100 million people was compromised in the breach. Included in the breach is information dating back as far as 2005. Customer data accessed by the hacker includes full names, physical addresses with full ZIP and postal codes, phone numbers, email addresses, dates of birth and self-reported income—information that is typically requested on credit card applications. Capital One said that credit scores, credit limits, account balances, payment history and contact information was also stolen. While Capital One holds that “99 percent” of Social Security numbers held by the company weren’t compromised, a significant number of people have in fact had the sensitive personal identification compromised. A total of 140,000 people had their Social Security number stolen and approximately one million Social Insurance Numbers assigned to Canadian citizens were also compromised. Another 80,000 linked bank account numbers were also exposed in the breach. For some, the name Morgan and Morgan might ring a bell. In fact, we did report on their activities before. If you remember the AMCA data breach, Morgan and Morgan also filed a class action lawsuit in that case as well. In that case, at least 20 million patients had their personal information exposed. So, it seems that the law firm, if they haven’t already been doing so before all this, are really getting in on data breach litigation. Who could blame them? As long as executives continue to not even care about data breaches, we’re likely going to see a continuation of all of this for some time yet. Litigating negligent companies (not saying that negligence played a roll in the Capital One case) will likely be quite the cash cow for quite some time. Regardless, all of this follows a familiar pattern we’ve been seeing here on Freezenet. A major breach takes place. Class action lawsuits are filed. Governments begin launching probes and investigations. Depending on the site, there may be political interventions taking place as well. Company gets hit with fines and/or settlement out of court takes place. Hacker may or may not get caught. We move on to the next breach and the cycle starts all over again. The question then becomes, how do we break this cycle? Since companies are not exactly willing to break out of the cycle, that leaves government to step in. Of course, some out there might think that this will always be a bad thing. Unless lawmakers come up with a silver bullet law that stops all breaches in their tracks and has no unintended consequences, then some might go so far as to say that the law is bad, terrible, and make things worse. Of course, the alternative is that no action takes place and we continue repeating the same cycle over and over again. What else can really happen in the first place to break this cycle? The only other thing we can think of is the formation of international agreements. That, again, is lawmaking. So, we return to the question: how do we break this cycle? Practically speaking, it looks like, for now, we continue this cycle. Unfortunately, that means millions more will likely be hurt in the process. Drew Wilson on Twitter: @icecube85 and Facebook.