Capital One Financial Corp. said in a statement Monday it has $400 million in cyber insurance coverage limits, subject to a $10 million deductible.
A purported class action lawsuit was filed against Capital One on Tuesday in connection with the data breach that impacted about 106 million individuals in the United States and Canada.
McLean, Virginia-based Capital One said the breach stemmed from its decision to store data in Amazon.com Inc.’s cloud unit, Amazon Web Services, where a former employee, Paige Thompson managed to access its data. She was charged with computer fraud by federal prosecutors in Seattle.
The largest category of information accessed was on consumers and small business that applied for one of its credit card products from 2005 through early 2019, the company said in its statement.
The stolen data included personal information, such as names, addresses and dates of birth, as well as the Social Security numbers of 140,000 credit card customers and the linked bank account numbers of 80,000 credit card customers.
Capital One and affiliates are being charged with negligence and breach of implied contract, according to the complaint filed in the U.S. District Court for the District of Columbia in Kevin Zosiak et al. v. Capital One Financial Corp. et. al.
The complaint identifies Mr. Zosiak as a Stamford, Connecticut-based individual and Capital One Credit card customer whose sensitive information was compromised in the data breach.
It charges the defendants’ security failures demonstrate they “failed to honor their duties and promises” by not maintaining an adequate data security system, monitoring it to identify the data breaches, and cyberattacks, and adequately protecting sensitive information.
Separately, New York’s Department of Financial Services said in a statement it was “following the ongoing developments surrounding the data breach.”
Spokesman for Capital One, Amazon and Mr. Zosiak’s attorneys could not be reached for comment.
(Reuters) — Capital One Financial Corp.’s assurances that a major data breach would have a limited impact on customers or profits failed to convince investors on Tuesday, with the bank’s shares down more than 7%.