Personal details of about 106 million individuals across the US and Canada were stolen in a hack


In July 2019, the company announced one of the largest thefts of bank data in US history affecting more than 100 million credit card customers after an attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data in March and April 2019. Anyone that applied for a card with the bank between 2005 and 2019 were presumed part of the breach.

The exposed information included information on credit scores, credit card limits, balances, credit history, home addresses, Social Security numbers and bank account numbers. The company said that no credit card account numbers or log-in credentials were exposed in the incident.

In June 2022, an ex-Amazon Web Services employee was found guilty of multiple crimes in relation to this breach and in October the same year received a sentence of time served plus five years of probation.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • Capital One Financial Corporation

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here