Today is the final day that Capital One customers can claim part of a $190 million settlement stemming from a massive 2019 data breach that exposed more than 100 million people's personal information.
Plaintiffs in a class-action lawsuit argued that hacker Paige Thompson wouldn't have been able to access Capital One's cloud computing systems if adequate cybersecurity protections had been in place. The bank "knew of the particular security vulnerabilities that permitted the data breach" according to the suit, but did nothing to rectify them.
Capital One didn't respond to a request for comment. In a statement, it said it was agreeing to the payout "in the interest of avoiding the time, expense and uncertainty of continued litigation."
Here's what you need to know about the Capital One settlement, including who is eligible for a check, how to file a claim and how much money you could be eligible to receive.
For more on class-action cases, find out if you're eligible for money from T-Mobile's $350 million data breach case, Apple's $14.8 million iCloud storage settlement or Sara Lee's $1 million false advertising settlement.
What happened in the 2019 Capital One data breach case?
In one of the largest financial security breaches in US history, a hacker accessed the personal information of about 106 million Capital One customers and applicants in March 2019.
The massive cyberattack went undiscovered for four months.
Capital One said about 140,000 Social Security numbers and 80,000 US bank account numbers were exposed, as well as birth dates, addresses, phone numbers, credit balances, transactions and credit scores. No login information or credit card account numbers were obtained, according to the bank, though one million Canadian credit card customers and applicants had their Social Insurance Numbers revealed.
In June 2022, Seattle engineer Paige Thompson was convicted of wire fraud and unauthorized access and damage to a protected computer in connection with the attack. According to Capital One, Thompson illegally gained access to personal information related to credit card applications dating between 2005 and early 2019 for both personal and small-business accounts.
In addition to paying out $190 million to affected customers, Capital One was fined $80 million and has agreed to enhance its cloud security standards.
Who qualifies for money in the Capital One settlement?
Some 98 million applicants and cardholders are eligible to file a claim, according to Capital One, which said it sent letters and emails to members whose Social Security numbers or bank account numbers were exposed in the hack.
If you believe you are eligible but did not receive a notice, you can contact the settlement administrator at 855-604-1811 for assistance.
When is the deadline to file a claim?
The original deadline to mail or submit a claim online in the Capital One case was Aug. 22, 2022. It was extended to Sept. 30.
How much can I receive from the Capital One settlement?
Class members can collect up to $25,000 for lost time and out-of-pocket expenditures relating to the breach, including unreimbursed fraud charges, money spent preventing identity theft and fees paid to professional data security services.
You can claim up to 15 hours of lost time spent addressing the issue, at a rate of at least $25 per hour.
The settlement also provides three years of free identity protection services through the Pango Group, including identity monitoring, lost wallet protection, security freeze capabilities, dark-web monitoring, free account restoration, and $1 million in identity theft and fraud insurance.
How do I file a claim in the Capital One settlement?
You can file online at the class-action settlement website. You'll need the Unique ID and PIN printed on the notice you received from Capital One in the mail or via email, along with detailed documentation, including receipts, bank statements, voided checks and invoices. (If you lost your notice or never received one, contact the settlement administrator at 855-604-1811.)
You can also print out a paper claim form and mail it in, along with any supporting documentation, to the settlement administrator at:
Capital One Data Breach
P.O. Box 4518
Portland, OR 97208–4518
When will I receive my payment?
The settlement was given final approval on Sept. 8, but there may still be appeals that slow the distribution process down.
"This may take several months or more," according to a FAQ on the settlement website. The settlement administrator will notify claimants about the timeline for payments.
Payments will be made by either direct deposit or paper check, depending on the method selected.