Capital One Data Hack Being Investigated by Class Action Law Firm

A law firm has opened an investigation into customers affected by the massive Capital One hack and plans to file a class-action suit against the company, which revealed earlier this week that the personal information of 106 million people had been compromised.

About 140,000 customers had social security numbers compromised, and about 80,000 people had their bank account numbers compromised. Data including names, addresses, contact information and birthdates of customers could have been accessed, Capital One said in a press release announcing the hack, which it said it discovered last month.

"Capital One's lax data security has cost more than 100 million customers their privacy, and we believe legal action is the only motivation to force real accountability to those affected," Tom Loeser, a partner at the Hagens Berman Sobol Shapiro LLP firm conducting the investigation, said in a press release sent to Newsweek.

Capital One said that information on customers who applied for credit card products from 2005 to the beginning of 2019 was the "largest category" of data accessed. Hagens Berman expects to file the class-action suit "in the coming days," Ashley Klann, a spokesperson for the firm, told Newsweek over email.

Capital One CEO Richard D. Fairbank expressed regret for the hack, saying "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

But the incident has also focused attention on Amazon, since the individual accused of perpetrating the hack to access some of the data that Capital One had stored on Amazon Web Services had previously worked for the company.

"AWS was not compromised in any way and functioned as designed. The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud," an Amazon previously told Newsweek in a statement denying fault for the hack.

The Capital One incident is just the latest event in recent years to expose vast quantities of private information. In addition to security breaches at Home Depot, Uber and Marriott in recent years, consumer credit agency Equifax agreed last month to pay at least $575 million in a settlement for a 2017 breach, in which 147 million people had their information exposed.

"We need structural reforms and increased oversight of credit reporting agencies in order to make sure that this never happens again," Warner said in a statement after the Equifax settlement was announced last month.

Earlier this year, Virginia Senator Mark Warner and Massachusetts Senator Elizabeth Warren, along with two Democratic representatives, introduced legislation calling for credit agencies to be held accountable for data breaches.

In a poll taken after the Capital One hack was announced, YouGov found that 34 prevent of Americans thought that their data and personal information was very vulnerable to hackers, while 47 percent felt such content was somewhat vulnerable.

The Capital One Bank Headquarters is pictured on July 30 in New York City. JOHANNES EISELE/AFP/Getty Images