Kevin Reed
Capital One Financial Corporation announced on July 29 that it had been hacked 10 days earlier “by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital One credit card customers.”
A company press release reported that the personal information—including 140,000 Social Security numbers and 80,000 bank account numbers—of as many as 106 million Capital One consumer and small business applicants between 2005 and 2019 had been compromised. It also reported that “approximately 1 million Social Insurance Numbers” of Canadian credit card customers had been hacked.
Simultaneously with the Capital One announcement, the FBI reported that it had arrested Paige A. Thompson, a 33-year-old Seattle-area woman who was a former cloud computing services engineer, and charged her with computer fraud and abuse in connection with the Capital One data breach, one of the largest to ever impact a financial institution.
According to the Capital One press release, the company immediately fixed “the configuration vulnerability” that had been exploited and added, “it is unlikely that the information was used for fraud or disseminated.” It also said, “no credit card account numbers or log-in credentials had been compromised.”
As with all such previous breaches of public personal information held by giant corporations, the number one priority of Capital One management is investor damage control and girding against the potential liability claims by the public. The stock of Capital One dropped by 6 percent on Wall Street the day after the revelations.
Under a subheading of “What are the expected financial impacts of the incident,” the company does not focus upon the potential impact of the breach on consumer credit scores from the identity theft and fraud that will inevitably result from stolen social security numbers. Instead, Capital One reports that the breach will cost the company between $100 and $150 million from “consumer notifications, credit monitoring, technology costs and legal support.”
The company further goes on in detail about how the losses will be reported on its financial results as well as the fact that Capital One has insurance that covers a “cyber-risk event,” but it “is subject to a $10 million deductible and standard exclusions and carries a total coverage limit of $400 million.” This is from a company that was worth $373.6 billion as of June 30 and had net earnings of $1.6 billion in the second quarter of 2019.
Capital One is a “bank holding company” headquartered in McLean, Virginia that specializes in various forms of consumer credit. It is the tenth largest bank in the US by assets, with offices in the US, Canada and the UK. Capital One created the mass marketing of credit cards in the 1990s and it is known for its annoying television commercials with various Hollywood celebrities who ask, “What’s in your wallet?” The company was charged in 2012 with “misleading” customers into paying for services without asking and agreed to pay $210 million to provide refunds to 2 million card holders.
No comments:
Post a Comment