Today, Capital One — a popular bank and credit card company — announced that an “outside individual” with “unauthorized access” had obtained the personal information of about 106 million customers who had applied for its credit card products.
The following can be attributed to Dylan Gilbert, Policy Fellow at Public Knowledge:
“Just one week after the Federal Trade Commission’s Equifax settlement, we learn that the personal data of an estimated hundred million U.S. consumers, including names, addresses, and 140,000 social security numbers, was compromised.
“The question remains: Why didn’t Capital One fully encrypt this data, and why didn’t the company place this vast trove of personal information behind a properly configured firewall? Security is challenging and mistakes happen, but unfortunately for consumers, companies have no incentive to engage in cybersecurity best practices when punishment comes in the form of financial penalties that can be factored in as a mere cost of doing business.
“Data breaches can lead to a host of privacy harms for consumers. After a data breach, sensitive consumer information leaks its way into the dark corners of the data economy. This data can then be used, without user knowledge or consent, for any number of nefarious uses, including stalking, digital redlining, fraud and identity theft, just to name a few.
“While it is fortunate that the sensitive data involved in this breach appears not to have been shared or sold by the hacker, the incident further underscores the need for comprehensive federal privacy legislation. Such legislation should impose requirements on companies to protect the confidentiality, integrity, and availability of personal data, empower law enforcement to hold companies meaningfully accountable, and provide consumers with adequate redress.”
Members of the media may contact Communications Director Shiva Stella with inquiries, interview requests, or to join the Public Knowledge press list at shiva@publicknowledge.org or 405-249-9435.