Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Capital One Hit With First Class Action Over Security Breach (1)

July 30, 2019, 2:04 PMUpdated: July 30, 2019, 2:33 PM

Capital One is facing a federal class action filed hours after it disclosed a massive data breach implicating the personal information of millions of customers.

The company announced July 29 that a hacker had gained access to the personal information of about 106 million credit card customers and applicants, including about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers.

“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” the company said. This information also included names, addresses, phone numbers, email addresses, dates of birth, and self-reported income. The hacker also obtained portions of credit card customer data, including credit scores, credit limits, balances, and payment history, and fragments of transaction data, the company said.

The U.S. Justice Department has arrested a suspect, a former Seattle technology company software engineer. The intrusion occurred through a misconfigured web application firewall that enabled access to the data, according to the DOJ.

The company promised to make free credit monitoring and identity protection available to those affected.

Kevin Zosiak filed suit in the U.S. District Court for the District of Columbia July 30, saying the breach has left Capital One’s customers like him vulnerable to identity theft.

The company failed to maintain an adequate data security system to reduce the risk of data breaches and cyber-attacks, and failed to adequately monitoring its system to identify such threats, despite “ample warnings of weaknesses and risks to its systems” through past security breaches, Zosiak claims.

He has asked the court to certify the case as a class action.

New York announced July 30 that it is opening an investigation into the data breach.

Cause of Action: Negligence, negligence per se, breach of implied contract.

Relief: Zosiak is seeking an unspecified level of damages on behalf of these customers and applicants.

Potential Class Size: More than 106 million members.

Response: Capital One didn’t immediately respond to Bloomberg Law’s request for comment.

Attorneys: Zosiak is represented by Nussbaum Law Group P.C.

The case is Zosiak v. Capital One Financial Corp., D.D.C., No. 1:19-cv-02265, filed 7/30/19.

(Updated with additional background information)

To contact the reporter on this story: Brian Flood in Washington at

To contact the editors responsible for this story: Jo-el J. Meyer at; Nicholas Datlowe at