The bank resisted giving the report from PricewaterhouseCoopers to lawyers suing on behalf of consumers, claiming attorney-client privilege and a shield for documents connected to lawsuits.
A magistrate judge in the U.S. District Court for the Eastern District of Virginia sided with Capital One in a Aug. 21 order.
The order comes after Capital One was forced to share another report from a cybersecurity firm, FireEye Inc.'s Mandiant. The Mandiant report analyzed technical causes of the data breach, which was discovered in July 2019.
PwC was tasked with also looking at non-technical causes within the bank’s cyber department, such as lack of skills or spending. Its report also made recommendations that fed into Capital One’s post-breach remediation plans.
The consumers’ lawyers argued seeing the report was necessary to know more about the bank’s response because it still possesses consumers’ personal information.
The case is In Re: Capital One Customer Data Sec. Breach Litig., E.D. Va., No. 1:19-md-02915, 8/21/20.
To contact the reporter on this story:
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.