Industry

Over 100 Million Individuals Affected by Capital One Breach

The data breach is reported to affect approximately 100 million customers in the United States and approximately 6 million in Canada.
By Rob Boyce

On July 29, bank and credit card company Capital One announced the discovery of a data breach affecting approximately 100 million customers in the United States and approximately 6 million in Canada. About 140,000 Social Security numbers and 80,000 bank account numbers were compromised, as well as personal information such as names, addresses, birthdays, etc., and “fragments of transactional data from a total of 23 days in 2016, 2017 and 2018.”

The breach brings its $400 million cyber coverage into play. The bank estimates its costs to be between $100 million-150 million, mostly in the form of legal support and credit monitoring for its customers.

The cause? A “configuration vulnerability” in Capital One’s cloud server—that is, the company misconfigured its server. The bank, which has positioned itself as a tech leader in the financial space, is not the first to fall victim to this kind of mistake–about 90% of data breaches are caused by human error. This comes with litigation: Capital One “is being charged with negligence and breach of implied contract, according to the complaint filed in the U.S. District Court for the District of Columbia in Kevin Zosiak et al. v. Capital One Financial Corp. et. al.

The Equifax breach, which affected approximately 145 million people, was followed by a renewed focus on cybersecurity regulation and fresh questions about how the U.S. government could help address data privacy concerns. The Council will continue to monitor state and federal legislatures in the coming months to see if any regulatory action is taken. New York has already taken notice:  a statement from the NY Department of Financial Services indicated the NYDFS  is “deeply concerned” by the breach and would be “examining [the] matter.”

Rob Boyce Director, Market Intelligence & Insights Read More

More in Industry

Q&A with John Drzik
Industry Q&A with John Drzik
President, Global Risk & Digital, Marsh
Industry Global Risk Management
Emerging themes from The Council's 2019 International Working Group.
Council Lobbyists Dish on National Issues
Industry Council Lobbyists Dish on National Issues
The latest on Capitol Hill from your government affairs team.
Q&A with Diana Gonzalez Garcia, 2019 Council Foundation Scholar
Industry Q&A with Diana Gonzalez Garcia, 2019 Council Foundation Scholar
Why her ideal post-graduation path is in insurance brokerage.
The Role of Virtual Reality in D&I
Industry The Role of Virtual Reality in D&I
VR uses empathy to teach diversity & inclusion.
BrokerTech Ventures
Industry BrokerTech Ventures
The first broker-led incubator and venture group focused spe...