Advertisement

Morgan & Morgan seeks class action status for lawsuit targeting Capital One data breach

 
John Yanchunis, a Morgan & Morgan partner and the head of the firm's class action department, discusses a lawsuit he filed Tuesday against Capital One Financial, which has been hit by a data breach that compromised the privacy of an estimated 106 million people. RICHARD DANIELSON | Times
John Yanchunis, a Morgan & Morgan partner and the head of the firm's class action department, discusses a lawsuit he filed Tuesday against Capital One Financial, which has been hit by a data breach that compromised the privacy of an estimated 106 million people. RICHARD DANIELSON | Times
Published July 31, 2019

TAMPA — Morgan & Morgan said Wednesday it filed what it says is the first potential class action lawsuit against Capital One Financial over a data breach that compromised the privacy of about 100 million credit card applicants from the United States and about 6 million more from Canada.

The suit was filed on Tuesday in U.S. District Court in eastern Virginia, where Capital One is headquartered. The plaintiff is DuWayne Baird of Ohio, but the suit seeks to bring the case on behalf of all affected consumers in the United States.

"We've been contacted by hundreds of individuals ... consumers who are concerned, who have been affected in some way," said Tampa attorney John Yanchunis, who teamed up with a law firm in Baltimore to file the suit.

Q&A: What to know about the Capital One data breach

Yanchunis, a Morgan & Morgan partner who heads the firm's class action department, was part of the team that recently secured a $700 million settlement for people affected by the Equifax breach, which affected about 147 million people. He also was sole lead counsel in the Yahoo case, for which a $117.5 million settlement received preliminary approval in July for a class consisting of 194 million Americans and 270,000 Israelis.

Those data thefts and others, such as one in 2014 affecting Home Depot customers, should have been "a red flag to any company that held information and maintained that information in a very secure environment, which unfortunately did not occur here," Yanchunis said.

Capital One said it learned of the breach on on July 19, closed the vulnerability that allowed the breach and since has worked with the FBI, which has arrested Paige A. Thompson, who authorities say obtained Social Security and bank account numbers in some instances, as well other information such as names, birth dates, credit scores and self-reported income.

Thompson, 33, is a former systems engineer at Amazon Web Services, which hosted the cloud where the data was stored. She is believed to have downloaded the information this year by getting behind a misconfigured Capital One firewall meant to protect folders of data that Amazon Web Services was hosting for the bank. The suit Yanchunis filed names only Capital One Financial and two subsidiaries as defendants, but he said Amazon is a potential defendant, too.

"This is one of the largest breaches of a company that put that information on a cloud," he said.

Capital One has said it will reach out to those affected using "a variety of channels" and will make free credit monitoring and identity protection available to everyone affected. Consumers can visit capitalone.com/facts2019 for more information.

Consumer advocates also say anyone who believes they could have been affected should obtain copies of their credit reports at AnnualCreditReport.com. By federal law, consumers can receive a free copy of their credit report every 12 months from each of the three big agencies — Equifax, Experian and TransUnion. Once they get those reports, they should look over all of their listed accounts and loans to make sure their personal information is correct and that they authorized the transactions listed. If they find something suspicious, they should contact the company that issued the account and the credit-rating agency.

Consumers may also want to consider freezing their credit to stop thieves from opening new credit cards or loans in their name.

"I am deeply sorry for what has happened," Capital One chairman and chief executive officer Richard D. Fairbank said after the breach was disclosed. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."

That's a step in the right direction, Yanchunis said, but "seeing how the company responds now to consumers who will be affected by this will be the next significant event."

"Companies all too often act out of consequence, not conscience," he said. This latest problem could have been prevented "had this company been more on guard with the information protected."

MORE: Go here for more business news

Contact Richard Danielson at rdanielson@tampabay.com or (813) 226-3403. Follow @Danielson_Times