New York Attorney General Letitia James announced today that her office plans to investigate the Capital One data breach that impacted more than 100 million people in the US and Canada. “[We] will work to ensure that New Yorkers who were victims of this breach are provided relief,” James said in a statement. “We cannot allow hacks of this nature to become every day occurrences.”
The breach, allegedly carried out by a former Amazon Web Services engineer, compromised names, addresses, phone numbers, emails, dates of birth, and self-reported incomes. Capital One’s press release also claims that 140,000 US Social Security numbers, 80,000 bank account numbers, and 1 million Canadian social insurance numbers were also compromised.
This data breach follows the settlement of another monumental breach: Equifax. In that 2017 incident, the company exposed as many as 147 million people’s personal information, including names, birthdates, addresses, and Social Security numbers. It recently settled with the Federal Trade Commission for at least $575 million, although that amount could go as high as $700 million depending on how much compensation people claim. Both Equifax and Capital One say their breaches stemmed from unpatched vulnerabilities. (You can check to see if you were compromised in the Equifax breach and file for compensation by following the steps outlined here.)