in Newswire Published on August 7, 2019

Capital One, Amazon Web Services Facing Class Action Suit Over Recent Data Breach

by Seth Humeniuk

View Comments

Desoer v. Capital One Financial Corporation et al

Filed: August 5, 2019 § 2:19cv1223

Read Complaint

Capital One and Amazon Web Services are facing another suit connected to the massive data breach that saw 100 million customers' personal information exposed.

Defendant(s)

Capital One Amazon.com Capital One Financial Corporation Amazon Web Services

Law(s)

State(s)

Washington

Categories

Technology Privacy Data Breach

Capital One Financial Corporation and Amazon Web Services Inc. have been hit with a proposed class action for purportedly failing to safeguard customer data after the bank’s servers were hacked. A similar class action suit against Capital One was filed in Virginia last week, and many others are pending

The suit stems from the recent breach of Capital One’s servers, which saw the personal information of 100 million people exposed. The complaint states that up to 140,000 Social Security numbers and 80,000 bank account numbers, as well as an unspecified number of customers’ credit card information, among other sensitive details, were exposed in the breach.

The complaint argues that the defendants failed to use industry-standard security measures, such as data encryption and tokenization, failed to test Capital One’s firewall security, and failed to configure its servers properly. If these basic steps were taken, the case says, the hack could have been prevented.

The alleged hacker, a former software engineer for Amazon Web Services, was reportedly able to access Capital One customers’ personal information through the bank’s servers, which were hosted by Amazon, because the firewalls protecting the servers were configured incorrectly, the lawsuit says. She reportedly had access to the servers for four months before being detected and posted customer information on the tech site GitHub. The defendants discovered the breach when an anonymous party tipped them off that customer information had been posted on the site, the suit states.

Capital One has stated that they don’t believe it’s likely that the compromised personal information was used fraudulently, but the suit contends otherwise. The lawsuit quotes noted cybersecurity expert Brian Krebs, who said, “it seems likely that at least some of that data could have been obtained by others who may have followed [the hacker’s] activities on different social media platforms.”

Though Capital One publicly acknowledged the breach, the bank waited 12 days before alerting customers whose information was potentially exposed, the case says.

If certified, the proposed class will be massive and cover everyone in the United States whose data was exposed during the breach, with a separate subclass for those affected in California.

Capital One is offering free credit monitoring to those affected by the breach. 

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on August 7, 2019 — 3:28 PM

Seth Humeniuk

Seth Humeniuk is the Junior Content Writer for ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.