Lawsuit opened over Capital One data breach which hit 100m customers
A class action lawsuit has been filed in the US over a data breach at Capital One bank that saw about 100m US customers have their personal information stolen by a hacker.
Read more: Equifax fined up to $700m for massive data breach
Roughly 140,000 social security numbers and 80,000 linked bank details were stolen, alongside other information such as credit scores and phone numbers, the bank said yesterday.
About 6m Canadians had their information compromised, including 1m social security numbers.
State attorneys general in Connecticut and New York both said today they would investigate the breach.
The suspected hacker was 33-year-old former software engineer Paige Thompson. She appeared in US District Court in Seattle yesterday.
Between 12 March and 17 July, Thompson posted stolen information from the hack on a coding website called Github.
After a fellow member of the website alerted Capital One, police could find and arrest Thompson because her full name was included in the digital address of the page she posted on.
The bank said the incident will cost it between $100m (£82m) and $150m this year as it has to inform customers, monitor credit and offer legal support.
The revelation of the breach saw Capital One’s shares slide four per cent in after-hours trading.
Alex Heid, chief research officer at information security company Securityscorecard, said: “Only a small percentage of those records contained social security information or banking information.”
“Compared to Equifax, this breach does not appear to have had anywhere near the same amount of impact.”
Read more: Data breach reports soar since GDPR as firms fear mammoth watchdog fines
Credit company Equifax is to pay as much as $700m to settle a case after claims it broke the law when a 2017 data breach at the firm saw 147m people have their personal information stolen.
(Image credit: Getty)