Capital One has agreed to pay $190 million to settle a class-action lawsuit filed by customers of the bank after a hacker stole the personal data of more than a 100 million people in 2019.
The settlement would cover 98 million customers who were affected by the breach, which was one of the largest data thefts from a bank. Capital One and its cloud services provider, Amazon Web Services, denied liability but said they would settle “in the interest of avoiding the time, expense and uncertainty of continued litigation,” according to a filing this week in federal court in the Eastern District of Virginia.
Last year, the bank agreed to pay $80 million to settle regulators’ claims that it lacked proper cybersecurity procedures as it began to use cloud storage technology.
The hacker, Paige Thompson, left an online trail for investigators to follow as she boasted about the breach, according to court documents in Seattle at the time. She was arrested and charged with one count of computer fraud and abuse.
Capital One has set aside funds for the settlement and is investing in its cybersecurity program under new leadership, it said in a statement.