August 6, 2019

On July 29, bank and credit card company Capital One announced the discovery of a data breach affecting approximately 100 million customers in the United States and approximately 6 million in Canada. About 140,000 Social Security numbers and 80,000 bank account numbers were compromised, as well as personal information such as names, addresses, birthdays and “fragments of transactional data from a total of 23 days in 2016, 2017 and 2018.”

The breach brings its $400 million cyber coverage into play. The bank estimates its costs to be between $100 million and $150 million, mostly in the form of legal support and credit monitoring for its customers.

The cause? A “configuration vulnerability” in Capital One’s cloud server—that is, the company misconfigured its server.