A $190 million settlement was announced this week in the multidistrict litigation filed over the Capital One data breach that was revealed in July 2019.
The proposed settlement, which still needs to be approved by a judge, looks to provide reimbursement of up to $25,000 to data breach victims for verifiable out-of-pocket losses, compensation for time spent dealing with the effects of the incident and at least three years of identity theft and restoration services.
Capital One has also agreed to implement certain changes to its business practices to improve the bank’s cybersecurity.
Read on to find out more about the settlement’s benefits and how you’ll be able to file a claim.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
What can I get from the settlement?
Those covered by the settlement (more on this below) will be able to seek reimbursement of up to $25,000 for out-of-pocket losses that are “fairly traceable” to the data breach. These costs, which must be documented, may include:
Unreimbursed expenses or losses that occurred due to identity theft, fraudulent tax returns or other misuse of the individual’s information; Costs incurred on or after March 22, 2019 that were related to a credit freeze on the person’s credit file; Miscellaneous expenses incurred on or after March 22, 2019 related to an out-of-pocket loss, such as the costs of notary services, faxes, postage, copying, mileage and long-distance phone calls; and Costs of credit reports, credit monitoring or other identity theft monitoring products incurred on or after March 22, 2019.
The settlement will also provide compensation for time spent addressing or attempting to prevent fraud, identity theft or other misuse of a data breach victim’s personal information. This reimbursement will be paid at $25 per hour or, if the individual took time off work, at their hourly wage. Data breach victims can claim up to 15 hours of lost time related to qualifying out-of-pocket losses and five hours of lost time that was unrelated to an out-of-pocket loss but spent addressing or attempting to prevent misuse of their information.
The settlement also looks to provide at least three years of identity defense services from data security company Pango that are designed to detect and address potential identity theft and fraud. These services include dark web monitoring, identity monitoring, lost wallet protection, security freezes, identity theft and fraud insurance, customer support and helpful tips.
Those whose Social Security number or linked bank account number was compromised can also enroll in credit monitoring services.
Finally, even data breach victims who do not file a claim or enroll in the identity defense services will receive access to fraud resolution and identity restoration services via Pango for at least three years. This coverage includes access to fraud resolution specialists who can help data breach victims place fraud alerts with credit bureaus, dispute information on their credit reports, schedule calls with creditors, and dispute fraudulent transactions or credit applications, among other tasks associated with mitigating identity theft and fraud.
Who does the settlement aim to cover?
The proposed settlement looks to cover roughly 98 million U.S. residents, as identified by Capital One, whose information was compromised in the data breach announced on July 29, 2019.
Once the settlement receives the judge’s go-ahead, Capital One will come up with a list of affected individuals and notice of the settlement will be sent to them via email or mail.
How do I file a claim?
Those covered by the settlement will be able to file a claim through the official settlement website, which was not live at the time of this post, or by mail.
Claims for reimbursement of out-of-pocket losses will need to be accompanied by “reasonable documentation,” such as credit card statements, bank statements, invoices, phone records and receipts.
Claims for compensation for lost time will include a self-certification as to how much time was lost.
Data breach victims will have 90 days after notice of the settlement is sent out to file a claim for reimbursement of out-of-pocket losses and/or lost time. They can also file a claim for identity defense services during this 90-day period through the settlement website or enroll directly with Pango anytime during the period of service, which will be at least three years.
The fraud resolution and identity restoration services discussed above are available without having to file a claim.
We’ll update this page once the settlement website, CapitalOneSettlement.com, is live and accepting claims.
The data breach
The litigation and proposed settlement stem from a data breach discovered by Capital One in July 2019 that affected more than 106 million of the bank’s credit card customers and applicants.
The information accessed during the breach, which reportedly occurred on March 22 and 23, 2019, included credit card applicants’ names, addresses, phone numbers, email addresses, dates of birth, self-reported income, credit information, transaction data and, for some individuals, Social Security numbers or linked bank account numbers.
A number of lawsuits were filed in the wake of the incident, and more than 60 of them were consolidated into multidistrict litigation (MDL) in October 2019.
A memo filed on January 31, 2022 praised the settlement as a “tremendous result” for those covered by the deal, describing the $190 million fund as “one of the largest created in any MDL data breach litigation.”
The next step in the process is for the judge to grant preliminary approval to the settlement, after which notices will be sent to those covered by the deal. Until then, one of the best things to do is to stay informed.
How do I stay in the loop?
A great way to keep up with settlements and other class action news is to sign up for ClassAction.org’s free weekly newsletter here. Each week, you’ll get information about new cases and investigations, along with recent settlements, sent straight to your inbox.
You can also check back to this page for updates. Once the settlement receives preliminary approval, keep an eye on your inbox and mailbox for a class action notice.