Capital One’s $190 million settlement resulted from: a Massive data breach 2019 received final approval on September 8, and the deadline to file a claim — and receive a portion of the payout — is less than two weeks away.
The March 2019 cyberattack exposed the information of more than 106 million US and Canadian customers. Plaintiffs argued in a class action lawsuit that followed the attack that convicted hacker Paige Thompson could not have accessed Capital One’s Amazon-hosted cloud computing systems had proper cybersecurity precautions been in place.
The bank “was aware of the particular security vulnerabilities that made the data breach possible,” according to their complaint, but did nothing to fix them, and its negligence put millions of people at risk for fraud and identity theft.
Capital One did not respond to a request for comment. It has denied any wrongdoing in the filings and said in a statement it was agreeing to the payout “to avoid the time, expense and uncertainty of continued litigation.”
Here’s what you need to know about the Capital One Settlement, including who qualifies for a check, how to make a claim, and how much money you could get.
Learn more about class action lawsuitsfind out if you’re eligible for money from T-Mobile’s $350 million data breach case, Apple’s $14.8 million iCloud storage settlement, or Sara Lee’s $1 million incorrect ad billing.
What happened in the Capital One 2019 data breach?
In March 2019, in one of the largest security breaches in US history, a hacker accessed the personal information of approximately 106 million Capital One customers and applicants. The massive attack went undetected as of July 2019.
According to Capital One, about 140,000 social security numbers and 80,000 US bank account numbers were exposed, along with dates of birth, addresses, phone numbers, balances, transactions and credit scores. No credentials or credit card account numbers were obtained, the bank said, although one million Canadian credit card customers and applicants also had their Social Security numbers disclosed.
Seattle engineer Paige Thompson, a former Amazon cloud employee, was eventually arrested in connection with the cyberattack. In June 2022, she was convicted of wire fraud and unauthorized access and damage to a protected computer. Thompson illegally gained access to personally identifiable information related to credit card applications dated between 2005 and early 2019 for both personal and small business accounts, Capital One said.
“Using part of her illegal access, she installed cryptocurrency mining software on new servers, with mining proceeds flowing into her online wallet,” the Justice Department said in a press release, adding that Thompson was an alias Used to brag on social media and online forums about the mastermind of the attack.
Capital One has also been fined $80 million and has agreed to improve its cloud security standards. The company said upon learning of the breach it immediately fixed its servers’ vulnerability to fake requests.
Who is Eligible for a Capital One Settlement Payment?
Around 98 million applicants and cardholders are eligible to make a valid claim, according to Capital One. According to Capital One, letters and emails were sent to members whose social security numbers or bank account numbers were exposed in the hack.
If you believe you are eligible but have not received notification, contact the settlement administrator at 855-604-1811 for assistance.
How much can I get from the Capital One settlement?
Class members may recover up to $25,000 in cash for lost time and expenses related to the breach, including unrefunded fraud fees, monies spent to prevent identity theft, and fees for professional data security services.
You can claim up to 15 hours of lost time fixing the issue at a minimum cost of $25 per hour.
The settlement also offers three years of free identity protection services through the Pango Group, including identity monitoring, wallet loss protection, security freeze features, dark web monitoring, free account recovery, and 1% identity theft and fraud insurance million dollars.
How do I file a data breach claim with Capital One?
You can file online at the Class Action Settlement website. You will need the unique ID and PIN printed on the notification you received from Capital One in the mail or email along with detailed documentation including receipts, bank statements, canceled checks and bills. (If you lost your notification or never received it, contact the settlement administrator at 855-604-1811.)
You may also print a paper Claim Form and send it, along with any supporting documentation, to the Settlement Administrator at:
Capital One data breach
PO Box 4518
Portland, OR 97208-4518
When is the deadline for making claims?
The original deadline for filing a valid claim in the Capital One case was August 22, but that deadline has been extended to September 30, 2022.
On July 7, the period for disqualification from the settlement to protect the right to separate action expired.
When do students receive their payments?
The settlement was finally approved on September 8, but there may still be appeals slowing the process. The Settlement Administrator will notify applicants of the payment schedule.
Payments are made either by direct bank transfer or check depending on the method chosen.