Capital One class action claims bank responsible for data breach

A new class action lawsuit has been filed against Capital One Financial Corporation, alleging that the company failed to protect its customers’ personal identifiable information (PII) from a serious data breach. The lawsuit claims that between August 2022 and May 2023, a former Capital One employee gained unauthorized access to sensitive customer data due to weak cybersecurity measures.

Allegations Against Capital One

The lawsuit, filed by plaintiff Andrew Willoughby in the U.S. District Court for the Eastern District of Virginia, accuses Capital One of negligence in safeguarding customer data. The breach allegedly exposed sensitive information, including:

• Full names
• Social Security numbers
• Addresses
• Email addresses
• Dates of birth
• Telephone numbers
• Credit card numbers
• Transaction history and financial details

The plaintiff argues that this failure has put thousands of customers at risk of identity theft, fraud, and financial loss.

Delayed Customer Notification

One of the major concerns in the lawsuit is Capital One’s delayed response in notifying affected customers. According to the class action complaint, Capital One did not inform customers about the breach until January 2025—several months after the unauthorized access had occurred.

By withholding this information, the lawsuit claims, Capital One deprived customers of the opportunity to take protective measures, such as monitoring their credit reports or freezing their accounts.

Impact on Customers

The consequences of this data breach could be long-lasting. The lawsuit argues that affected customers may face risks such as:

• Unauthorized charges on their accounts
• Identity theft and fraudulent activities
• Long-term financial monitoring costs
• Damage to credit scores and personal finances

Willoughby, the lead plaintiff, states that he has already experienced an unauthorized charge on his Capital One credit account as a result of the breach.

Legal Action and Compensation Sought

The class action lawsuit seeks to represent all individuals whose data was exposed in the breach. The plaintiff is demanding:

• Compensatory damages for financial losses
• Reimbursement for out-of-pocket expenses related to fraud prevention
• Injunctive relief to improve Capital One’s cybersecurity measures
• Attorney fees and legal costs

Additionally, the lawsuit requests a jury trial to determine Capital One’s liability in the matter.

Previous Legal Issues for Capital One

This is not the first time Capital One has faced legal scrutiny. In January 2025, the Consumer Financial Protection Bureau (CFPB) filed a separate lawsuit against the company, alleging that it had cheated consumers out of more than $2 billion in potential interest earnings on their savings accounts.

What Affected Customers Should Do

If you believe your information was exposed in the Capital One data breach, consider taking the following steps:

1. Monitor Your Accounts – Check your bank and credit card statements for unauthorized transactions.
2. Freeze Your Credit – Placing a credit freeze can help prevent identity thieves from opening accounts in your name.
3. Enable Fraud Alerts – Contact credit bureaus to set up fraud alerts, which notify you of suspicious activity.
4. Change Passwords – Update your Capital One and other financial account passwords to enhance security.
5. Consider Legal Action – If you’ve suffered losses, you may qualify to join the class action lawsuit.

Final Thoughts

Capital One’s data breach has raised serious concerns about the company’s ability to protect customer information. With delayed notifications and potential financial harm to thousands, the class action lawsuit aims to hold the bank accountable. Customers affected by the breach should remain vigilant and take necessary precautions to safeguard their financial security.

FAQs: