Episode 108 -- The Capital One Data Breach and Vendor Cybersecurity Risks
Hackers have increasingly focused on third-party vendors as avenues to data held by associated businesses. On August 25, 2022, DoorDash announced that it had experienced a data breach which impacted the personal...more
Paige Thompson, a former Amazon Web Services employee, was recently convicted of seven counts of fraud in U.S. District Court for stealing personal data from more than 100 million customers from unsecured accounts stored on...more
The saga of the Capital One data breach, which impacted an estimated 106 million individuals in the U.S. and Canada, may soon be coming to an end. After more than two years of litigation, the parties have reached a settlement...more
Two major U.S. financial institutions, Morgan Stanley and Capital One, recently agreed to resolve separate class action lawsuits by paying, in the aggregate, hundreds of millions of dollars in compensation for massive data...more
Supreme Court of Virginia Declines Certified Questions from Federal Court in In re: Capital One Consumer Data Security Breach Litigation - The lawsuit In re: Capital One Consumer Data Security Breach Litigation, has already...more
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine....more
In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. In contrast to an earlier...more
- In ongoing multidistrict litigation concerning Capital One’s 2019 data breach, Capital One succeeded in defeating a motion to compel disclosure of a privileged root cause analysis conducted by PwC. - In contrast to an...more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - The Office of the Comptroller of the Currency fined Capital One USD 80 million for inadequate data controls leading to a 2019 data breach and for failing to fix...more
Just over a year ago, on July 19, 2019, one of the largest confirmed data breaches in history was identified. The Capital One data hack exposed the personal information of more than 100 million customers and credit applicants...more
As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers. ...more
In March 2019, Capital One experienced a significant hacking incident in which a former tech company software engineer for Amazon Web Services (AWS), Capital One’s cloud hosting company, exploited a misconfigured open-source...more
CYBERSECURITY - Maze Continues to Strike Companies - It is being reported by ZDNet that the Maze ransomware group has attacked two companies that, apparently, refused to pay the requested ransom, so Maze, as it...more
Dramatically escalating the growing tension with China (despite considerable ambiguity in its language), the White House issued executive orders that would “ban all ‘transactions’” with ByteDance, the Chinese owner of TikTok,...more
The U.S. Office of the Comptroller of the Currency (OCC) announced this week that it has entered into a Consent Order and fined Capital One $80 million for the data breach the company experienced last year....more
On May 26, 2020, in In re Capital One Consumer Data Security Breach Litigation, MDL 1:19md2915 (E.D. Va.) the Federal District Court for the Eastern District of Virginia (Alexandria Division) (Anderson, J.) held that a...more
On June 25, a Federal District Court in Virginia (Anthony J. Trenga, U.S.D.J.) affirmed a Magistrate Judge's Order requiring Capital One to produce a vendor's post-breach forensic report to plaintiffs in a consumer class...more
In a recent decision, a Virginia federal magistrate judge held that the attorney work product doctrine did not protect from discovery a forensic investigation report created for Capital One in the wake of a 2019 data breach....more
A May 26, 2020 order by U.S. Magistrate Judge John F. Anderson (E.D. Va.) that attorney work product protection did not preclude production of a forensic vendor's data breach investigation report to plaintiffs in the Capital...more
The United States District Court for the Eastern District of Virginia (Court) has held that a cyber-forensic investigation report was not protected by the attorney work product doctrine and ordered Capital One to produce it...more
In the action In Re Capital One Consumer Data Security Breach Litigation, No. 19-2915 (E.D. Va.) (Capital One), a Virginia federal court determined that a forensics investigation report conducted by a third-party investigator...more
Last week, a magistrate judge in the Eastern District of Virginia held that a breach report prepared by Mandiant (a digital forensics investigator, among other things) in response to the Capital One data breach was not...more
A recent order by a federal court in Virginia rejected arguments that a cybersecurity consultant’s data breach report, which had been prepared at the direction of outside legal counsel, qualified for work product protection....more
Last week, the U.S. District Court for the Eastern District of Virginia ordered Capital One to produce a forensic investigation report in multidistrict litigation arising out of the cyber incident Capital One announced in...more
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted...more