fbpx

Capital One, Amazon Exposure of PII of 100 Million California Class Action

The complaint for this class action contains a quote from the CEO of one of the defendants, Capital One: “We’re building a technology company that does banking.” But that heavy reliance on technology, without adequate precautions, seems to have led to a massive data breach in 2019. The complaint bring suit against Capital One Financial Corporation, Capital One Bank (USA), NA, Capital One, NA, Amazon.com, Inc., and Amazon Web Services (AWS), alleging that Capital One’s data storage with Amazon did not accurately protect the personally identifiable information (PII) it maintained.

The class for this action is all California citizens whose information was exposed in the data breach.

Capital One is one of the largest banks and issuers of credit cards in the country. The complaint quotes the company as saying, “Safeguarding customers’ information is essential to our mission as a financial institution.”

Yet the data breach it announced in July 2019 compromised the information of nearly 100 million people in the US and 6 million in Canada. These, the complaint says, were “primarily people who applied for Capital One credit card products between 2005 and 2019.

The information exposed included names, addresses, dates of birth, self-reported income, credit scores, credit card limits, credit card payment history, along with Social Security numbers and bank account numbers for a more limited number of people.

How did the data breach happen? The complaint alleges that Capital One stored the information “in an Amazon Web Services (‘AWS’) environment that was so insecure a former Amazon employee named Paige Thompson … was able to surreptitiously access and view the PII, remove it from the AWS environment, and make the method for doing so available to the public without [Capital One and Amazon] even noticing.” The complaint alleges that the companies were “asleep at the wheel.”

The complaint alleges that Capital One and Amazon knew about the vulnerabilities in the system. It claims, “They ignored the telltale signs of Thompson’s hacking into their computer systems. And for months, they looked the other way while Thompson publicly discussed the breach on Twitter and other social media sites.”

In fact, the complaint alleges that the companies were so well aware of the vulnerabilities in the system that, after the breach, Capital One said it was able to “immediately address[] the configuration vulnerability” that had permitted the data breach.

The counts include negligence, negligence per se, breach of contract, and violations of California state laws, among other things.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Capital One, Amazon Exposure of PII of 100 Million California Complaint

November 3, 2021

The complaint for this class action contains a quote from the CEO of one of the defendants, Capital One: “We’re building a technology company that does banking.” But that heavy reliance on technology, without adequate precautions, seems to have led to a massive data breach in 2019. The complaint bring suit against Capital One Financial Corporation, Capital One Bank (USA), NA, Capital One, NA, Amazon.com, Inc., and Amazon Web Services (AWS), alleging that Capital One’s data storage with Amazon did not accurately protect the personally identifiable information (PII) it maintained.

Capital One, Amazon Exposure of PII of 100 Million California Complaint

Case Event History

Capital One, Amazon Exposure of PII of 100 Million California Complaint

November 3, 2021

The complaint for this class action contains a quote from the CEO of one of the defendants, Capital One: “We’re building a technology company that does banking.” But that heavy reliance on technology, without adequate precautions, seems to have led to a massive data breach in 2019. The complaint bring suit against Capital One Financial Corporation, Capital One Bank (USA), NA, Capital One, NA, Amazon.com, Inc., and Amazon Web Services (AWS), alleging that Capital One’s data storage with Amazon did not accurately protect the personally identifiable information (PII) it maintained.

Capital One, Amazon Exposure of PII of 100 Million California Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy