What’s in your wallet? For Capital One, it’s Paige Thompson and a boat-load of federal lawsuits. On Monday evening, Capital One Financial Corporation (Capital One) announced that it has been victimized by a massive data breach, affecting more than 100 million people in the United States.
Federal authorities on Monday, arrested Paige A. Thompson, 33, a former Amazon Web Services (AWS) employee and hacker who went by the alias, ‘erratic,’ accusing her of violating the Computer Fraud and Abuse Act (CFAA), codified under Title 18, Section 1030 of the U.S. Criminal Code.
According to the criminal Complaint charging Thompson with computer fraud and abuse, under Section 1030(a)(2), she gained access, without authorization, to the data sometime between March and July, through a misconfigured system file in the company’s firewall. Capital One uses AWS for its cloud computing storage.
Capital One stated that it became aware of the breach on July 19, and that it impacted about 100 million U.S. residents and over 6 million Canadian residents, who had, or applied for credit cards. Like Equifax, another blatant and damaging decision to “delay” the notification process to consumers.
The breached data consisted of personally identifiable information (PII) such as names, addresses, postal codes, phone numbers, email addresses, dates of birth, social security numbers, in addition to credit scores, credit limits, balances, payment history, contact information, and fragments of transactional data from a total of 23 days over the past three years.
If you don’t already have chills and an upset stomach, you should because this concerns you, me, and all of us.
Very quickly after the announcement, the Virginia-based financial institution was hit with three federal lawsuits, including one in its home state, another in Washington, D.C., and one in California.
All three lawsuits, brought by Capital One customers, blame the bank for failing to “take reasonable steps” for protecting their sensitive information.
Exploring the 3 Federal Lawsuits
#1—Perdew v. Capital One Bank (USA) [California]
Steven Perdew, by and through counsel, Abbas Kazerounian of Kazerouni Law Group APC and Levin Papantonio Thomas Mitchell Rafferty & Proctor PA, were the first to file suit in what will come to be an extremely important national case with respect to consumer financial security.
“[We] are proud to be the first filed in this very important national case assisting consumers [to] obtain relief in what appears to be a very large data breach,” Kazerouni stated to Law360.
For more information, you can follow this case by entering the Case Number 3:19-cv-01421. This is in the U.S. District Court for the Southern District of California before Judge Roger T. Benitez.
#2 –Baird v. Capital One Financial Corp [Virginia]
On Tuesday, Capital One consumer, DuWayne Baird, filed his lawsuit, by and through counsel, Linda P. Nussbaum of Nussbaum Law Group PC.
“We think this is a very important case and look forward to litigating the issues,” said Nussbaum to Law360 on Tuesday.
For more information, you can follow this case by entering the Case Number 1:19-cv-00979. This is in the U.S. District Court for the Eastern District of Virginia before Judge Leonie M. Brinkema.
#3—Zosiak v. Capital One Financial Corporation et al. [Washington, D.C.]
For Kevin Zosiak, by and through counsel, Murphy Falcon & Murphy and Morgan & Morgan, they know exactly what has been in Capital One’s wallet, lying in wait—Paige Thompson.
“Capital One knew the risks of a security breach and, we allege, did not take the proper steps to protect the personal information applicants and customers trusted the company to safeguard,” Yanchinis stated.
“Capital One’s tagline is ‘What’s in your wallet?’” Yanchins quipped. “Well, now we know the answer — for 100-million people — is a hacker from Seattle.”
For more information, you can follow this case by entering the Case Number 1:19-cv-02265. This is in the U.S. District Court for the District of Columbia.
I spoke with local ABC/FOX and NBC outlets in Ohio yesterday about the Capital One data breach and why this was inevitable following the Equifax breach.
