Considering Capital One’s ranking as one of the five largest credit card issuers in the U.S., a data breach potentially compromising the information of 106 million customers (roughly 100 million U.S. and 6 million Canadian) is cause for alarm. The fact that it was orchestrated by a solo hacker in Seattle, Paige Thompson, (a former Amazon Web Services employee) is even more disconcerting given the scope of the breach. Thompson could not resist bragging online about her grandiose feat which led to her arrest; she is currently facing fraud charges as well as computer abuse.
Capital One initially revealed the breach’s occurrence on July 19, 2019. The company’s chairman and chief executive, Richard D. Fairbank, issued the following statement: “ I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.” The potential cost of this investigation (an estimated amount between $100-$150 million) coupled with the myriad of class action lawsuits will undoubtedly gouge profits from this lucrative company.
In fact, a Capital One customer named Kevin Zosiak of Stamford, CT, filed a class action lawsuit in Washington D.C. almost immediately after the announcement of the data breach. According to Bloomberg LP, Zosiak’s exasperation with Capital One stems from its negligence to protect its customers despite “ample warnings and risks to its systems” through multiple breaches in the past.
The exorbitant cost of this data breach may seem outrageous because the information had allegedly not been distributed yet; however, the damage that may be inflicted on Capital One customers is that it leaves them vulnerable to criminals applying for credit using their personal data. In addition to having access to full names, phone numbers, self-reported income and other sensitive information, criminals could feasibly have access to 140,000 social security numbers and 80,000 bank account numbers. This form of identity theft would wreak havoc on customers, harming their credit and causing, at the very least, a major inconvenience in their daily lives.
Whatever the outcome of the class action lawsuit may be, hopefully the sheer effort involved in rectifying such a crime will make these large companies consider prioritizing the privacy and security of their customers in the future.