In July 2019, Capital One, a leading financial corporation, found itself amidst a significant controversy when it reported unauthorized access to the personal data of approximately 100 million individuals in the United States and Canada. This cyber incident had severe implications for those affected, leading to the establishment of a class action lawsuit. This article provides an understanding of the Capital One class action settlement.
Contents
Highlights of the Capital One Class Action Settlement
- The Capital One Class Action Settlement refers to a lawsuit that was filed against Capital One Financial Corporation. The case is titled In re: Capital One Customer Data Security Breach Litigation, Case No. 1:19-md-02915.
- Customers who alleged that Capital One failed to fulfill their obligation of protecting customers’ personal information brought forward the lawsuit, leading to a massive data breach in 2019. The breach reportedly affected over 100 million Capital One customers in the United States and 6 million in Canada.
- The data breach involved unauthorized access by an external individual who obtained personal information of Capital One’s credit card customers and people who had applied for credit card products.
- The information accessed included names, addresses, zip codes, phone numbers, email addresses, dates of birth, and income information. In some cases, compromising social security numbers and linked bank account numbers affected secured credit card customers.
- The alleged failure by Capital One to prevent the data breach and subsequent damage to its customers led to the Class Action Settlement. The plaintiffs claimed that Capital One was negligent and violated various state laws related to consumer protection and data security.
- The settlement was intended to compensate those affected by the data breach. Capital One agreed to a $74.5 million settlement to resolve the claims related to this lawsuit.
- The settlement includes monetary reimbursement for out-of-pocket expenses and time spent mitigating the effects of the data breach. It also provides credit monitoring services for affected customers and increases Capital One’s data security measures.
- U.S. residents, whose personal information Capital One’s database exposed during the data breach, are eligible for this settlement.
- It’s worth noting that accepting the settlement means giving up the right to sue Capital One separately about the same legal claims in this lawsuit.
- The settlement’s final approval hearing was held on February 26, 2021. Currently, affected customers can claim their part of the settlement by submitting a valid claim form online or via mail.
A Brief Overview of the Incident
The data breach incident that occurred in July 2019 involved unauthorized access to personal information of Capital One credit card customers and applicants. The data accessed included names, addresses, Social Security numbers, and bank account numbers. The FBI apprehended the unauthorized individual behind this act. Capital One took immediate corrective actions, but the damage had already affected millions of customers.
The Class Action Lawsuit
Following the breach, Capital One found itself in the midst of a class action lawsuit. On behalf of all individuals affected by the data breach, they filed the lawsuit to compensate for the damages incurred due to the incident.
The Capital One Class Action Settlement Agreement
In 2022, a U.S. federal court preliminarily approved a class action settlement related to the cyber incident. The proposed settlement required Capital One to establish a Settlement Fund of $190 million. The designers of this settlement aimed to compensate the affected individuals for their losses and provide them with additional benefits.
The Settlement Benefits
The Capital One class action settlement provided various benefits to the affected individuals. These benefits include:
- Cash Payment for Out-of-Pocket Losses: The Settlement Class Member used the Settlement Fund to reimburse verifiable unreimbursed costs or expenditures they incurred and believe are fairly traceable to the Data Breach.
- Cash Payment for Lost Time: The Settlement Fund also fairly reimbursed for the time spent remedying fraud, identity theft, or other misuse of a Settlement Class Member’s personal information traceable to the Data Breach.
- Identity Defense Services: All Settlement Class Members were eligible to enroll in at least three years of Identity Defense Services offered at no cost.
- Restoration Services: All Settlement Class Members were entitled to utilize Restoration Services, regardless of whether they enrolled in Identity Defense Services or submitted a claim for Out-of-Pocket Losses or Lost Time.
- Business Practice Changes: Capital One agreed to implement and maintain certain business practice changes relating to its information security program.
Claiming the Settlement
Capital One opened the claim process for the class action settlement on September 28, 2023, and set November 27, 2023, as the last date to submit the claim. The claimants had to fill out a claim form using their unique ID and PIN. They had to complete the claim form and submit it with supporting documents before the deadline.
Eligibility for the Settlement
The eligibility criteria for the capital one class action settlement were straightforward. Essentially, any individual who resided in the United States and had their personal information accessed in the 2019 Capital One data breach was eligible.
The Settlement Payout
The federal authorities have stated that they will deliver the funds within a stipulated period. Capital One has declared its commitment to compensate claimants, offering $25,000 per person. The total settlement amount is $190 million.
Final Thoughts
The Capital One class action settlement represents a significant milestone in the battle for customer data protection. It sends out a strong message to corporations about the importance of safeguarding customer data. While Capital One has taken steps to amend the situation, the incidentis a stark reminder of the potential consequences of data breaches.
Disclaimer: This article is for informational purposes only and does not constitute legal advice.