Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Capital One and Amazon’s failure to adequately safeguard credit card holders’ personal data allowed it to be compromised in a 2019 data breach, according to a class action lawsuit filed in the Superior Court of Québec.
Not only did the defendants fail to safeguard against the Capital One credit card data breach, they also failed to provide timely notification to those who were affected, the Capital One data breach class action lawsuit says. The data theft reportedly occurred on March 22 and 23, 2019 and was initially discovered on July 17, 2019. However, the data breach was not disclosed to the public until July 29, 2019.
“This case involves one of the biggest data security breaches in history,” the Capital One data breach class action lawsuit states.
Capital One has collected massive amounts of data on its customers since 2005. To store and mine this data, it had created a massive data centre that it would spend significant amounts of money to upgrade, maintain and secure.
“Class Members entrusted their most sensitive data — data that could be used by a miscreant to assume those customers’ identities — to a bank and cloud computing company based on their reasonable belief that it would be safe and secure,” the Capital One data breach class action lawsuit alleges.
“Capital One and Amazon thoroughly monetized (and continue to monetize) sensitive Capital One Customer data, mining it for every edge and insight about their behaviours.”
Capital One decided the cost of maintaining a data centre was too high and decided to utilize Amazon’s AWS public cloud to store and process customer data in 2015. This system allowed Capital One to buy only as much computing power and storage as it needed. It also allowed the credit card company to take advantage of Amazon’s machine learning tools and data scientists.
“Unfortunately, there were serious problems with using AWS to mine customer data,” the data breach class action lawsuit says. “Most importantly, the machine learning models required massive amounts of historical data and if the data was insufficient, the models would not be accurate.”
According to the data breach class action lawsuit, Capital One created massive repositories of customer data that included “data retained far in excess of customer expectations.”
Unlike other large financial institutions that prioritized the security of customer data, Capital One elected to provide customers’ sensitive data to a public cloud provider. At the same time, Amazon was looking for a large financial institution to sign on to the AWS ecosystem to signal to other financial institutions that it was safe to put their data in the public cloud.
Because it was widely known that AWS suffered from a security flaw, Capital One created software that it jointly marketed with Amazon to misleadingly reassure customers, regulators and the public that the data would be protected. However, this software reportedly failed to safeguard the data as promised.
The data breach reportedly affects information that was collected at the time individuals and small businesses applied for a Capital One credit card between 2005 and 2019. The information compromised in the data breach may include: names, addresses, postal codes, phone numbers, email addresses, birthdates, credit card application data, and other customer data.
According to the data breach class action lawsuit, Capital One and Amazon together “orchestrated a massive migration of highly-sensitive data” to a public AWS cloud from Capital One’s private cloud. Together, Amazon and Capital One allegedly misled customers, regulators and members of the public by claiming the data was being protected. However, the Capital One data breach class action lawsuit says these assurances are “indisputably false and/or misleading.”
Capital One credit card holders and applicants who reside in Quebec and whose personal information was compromised in the Capital One credit card data breach incident that occurred on March 22-23, 2019 are included as potential Class Members of this data breach class action lawsuit.
Approximately 100 million U.S. residents and 6 million Canadians were likely impacted by the Capital One credit card data breach. Additionally, about 1 million social insurance numbers were compromised.
The Capital One data breach class action lawsuit asks a judge to order the defendants to implement safeguards to prevent and detect unauthorized access to private information, and offer compensatory and punitive damages to Class Members.
A similar Capital One credit card data breach class action lawsuit has been filed in Calgary.
Do you have a Capital One credit card? Are you worried about your personal information being exposed in this data breach? Tell us your thoughts in the comment section below!
The plaintiffs are represented by Jeff Orenstein of Consumer Law Group Inc.
The Capital One Data Breach Class Action Lawsuit is M. Royer, et al. v. Capital One Bank (Canada Branch), et al., Case No. 500-06-001010-194, in the Superior Court of Québec, Canada.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
3M issues recall for noise-reducing earmuffs due to potential breakage
April 30, 2024 | Product Recalls
36 thoughts onCapital One Data Breach Class Action Lawsuit Says Millions Were Impacted
How do you get in on this? Capital one screwed me also.
I also received a letter from capital One admitting my data had been breached
I have a capital one credit card and am concerned my data may of been breached
Please add me to the list.. I received a letter too.
I also have had my data compromised in the capital one breach curious as to what’s happening with this one i reported my info after receiving a letter stating all my information was compromised.
I am a customer who had my info breached too, curious about this
As a Capital One client has my info been breached
This is concerning
Please add me to the list for the Class Action Suit
I also received a letter from Capital One in 2019 saying my personal information may have been compromised.
I received a letter saying my information may have been compromised and that I would get a year of free year of some sort of online help, this is Capital One about a year ago.Add my name
I received a letter saying my information may have been compromised and that I would get a year of free year of some sort of online help, this is Capital One about a year ago.I thaught that this was some sort of way to cover their asses