On July 30, 2019, several class actions were filed against Capital One after it revealed it had been the target of a data breach in which 106 million people had their personal information stolen by a hacker who is now facing federal criminal charges. The suits, all brought by Capital One credit card customers, blame the bank for failing to put in place proper security practices for protecting their sensitive information.
The complaints allege that the bank used a digital storage product created by Amazon and built its own web application on top of that, so that Capital One could use the information in ways specific to its needs. The complaints then allege that in recent months, a hacker was able to access Capital One’s data through a misconfiguration of a firewall on Capital One’s web application.
Federal authorities on July 29, 2019 arrested Paige A. Thompson, who also goes under the moniker “erratic,” accusing her of carrying out the hack. According to the criminal complaint charging Thompson with computer fraud and abuse in Washington federal court, she gained access to the data sometime between March and July by compromising Capital One’s servers at a cloud computing company, which we now know is Amazon where she was previously employed. Her residence was searched July 29, 2019 and turned up devices containing evidence related to the Capital One breach, the complaint said.
This blog is intended to provide information to the general public and to practitioners about developments that may impact Oregon class actions.