MORGANTOWN – A West Virginia attorney has launched an investigation to find out just how many in the state were affected by a giant credit card data breach and what legal moves can be taken, collectively or individually.
Kelly Reed, of Kelly Reed Law, said she is aggressively following the Capital One breach, which was publicly revealed in July with the arrest and charging of a Seattle-based software engineer, though the hack happened months earlier.
More than 100 million people, mostly in the United States but also Canada, had their information potentially exposed by the breach.
They applied to Capital One for a credit card from 2005 to early 2019. Among the data exposed were names, contact information, credit scores, limits and balances, social security numbers, and transaction data.
While Capital One has said "no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised," the company added an investigation is ongoing.
Paige Thompson, 33, is accused of gaining access to 140,000 Social Security numbers, one million Canadian Social Insurance Numbers and 80,000 bank account numbers after allegedly managing to exploit a weakness in a firewall.
Morgantown-based attorney Reed told the West Virginia Record she is investigating how many in the state were affected. She is also encouraging potential victims and other law firms to reach out to her firm.
"What we have had are numerous calls in response to social media reports about the Capital One breach," Reed said. "While there have been a couple of class actions filed by bigger firms, none has yet been filed in West Virginia."
She noted that individuals have different options if they believe their information was breached, including potentially joining a class action or take a case personally.
The attorney's understanding is that some people received letters stating that they are in the subset who had their Social Security numbers, and other information, downloaded.
"It is not clear state by state how many people are affected, so we don't know how many in West Virginia," said Reed, but she added that it involves a third of the population nationwide, and Capital One has a reputation of targeting and approving those with less than stellar credit scores.
The attorney said those believing they were exposed should check all of their credit information, including reports and scores.
"Many West Virginians are likely to have applied for or have a Capital One credit card. An untold number of West Virginians are at risk, with this breach potentially affecting neighbors, friends and colleagues," Reed said.
Miami-based legal firm Colson Hicks Eidson filed the first class action suit in mid-August, some two weeks after the breach was publicly revealed. The hack happened over two days in March.
Virginia-headquartered Capital One Financial Corporation is accused by the lead plaintiffs of "negligence in failing to safeguard consumers’ personal information.”
The core reason for such a class action, and potential settlement, is to "rap the knuckles" of the big companies and make sure they are more careful with personal data, Reed said. The action was filed in federal court in the Eastern District of Virginia.
According to the criminal complaint against Thompson, the engineer tried to share information with others online. It also noted that she previously worked as a software engineer for Amazon Web Services, which cloud hosted Capital One data.