Class Actions Lawsuits
Data Breach

Capital One Data Breach Consumer Class Action

Data Breach class action lawsuit

Case Overview

In July 2019, Capital One Financial Corporation disclosed that a former Amazon Web Services software engineer had exploited a misconfigured firewall to access its cloud servers, stealing the personal information of approximately 98 million U.S. individuals and 6 million Canadian customers who had applied for credit card products. The stolen data included names, addresses, phone numbers, email addresses, dates of birth, self-reported income figures, credit scores, payment history, and — for roughly 140,000 Social Security numbers and 80,000 linked bank account numbers. The breach was one of the largest financial data thefts ever recorded and immediately triggered dozens of class action lawsuits across the country, which were subsequently consolidated in the Eastern District of Virginia.

Capital One agreed to a $190 million class action settlement in December 2021, which received final court approval in September 2022. Class members could submit claims for out-of-pocket losses, lost time (compensated at $25 per hour for up to 15 hours), and a pro-rata share of a residual fund. The settlement also required Capital One to implement and maintain substantial data security improvements, including enhanced network monitoring, threat detection, and vulnerability management programs. The hacker, Paige Thompson, was convicted of federal wire fraud and computer fraud charges in 2022 and sentenced to time served plus supervised release in 2023.

Who May Qualify

U.S. residents who applied for a Capital One credit card or other financial product between 2005 and 2019 and whose personal information was included in the 2019 data breach are eligible. This includes individuals who received a breach notification letter from Capital One.

Frequently Asked Questions

How do I know if I was affected by the Capital One data breach?

Capital One notified affected customers by mail and email in 2019. You can also check whether you received a settlement claims notice in 2022. Individuals who applied for Capital One credit cards or other products between 2005 and early 2019 were most likely to be affected.

How much did Capital One data breach victims receive?

Settlement payments varied. Class members could claim documented out-of-pocket losses up to $25,000, up to $75 for lost time (at $25/hour for up to 3 hours without documentation), or up to $150 for documented lost time. Any remaining settlement funds were distributed on a pro-rata basis among eligible claimants.

Was the Capital One hacker caught and prosecuted?

Yes. Paige Thompson, a former Amazon Web Services engineer, was arrested within days of the breach being disclosed and was convicted of wire fraud and computer fraud by a federal jury in June 2022. She was sentenced in June 2023 to time served (approximately three years) plus five years of supervised release.