On July 31, 2019, the Office of the Privacy Commissioner of Canada (OPC) announced that it is investigating a massive data breach at Capital One Financial Corporation (Capital One). The breach is reported to affect approximately 6 million Canadians and 100 million Americans whose personal information has been accessed without authorization. 

Capital One detected the breach on July 19, 2019. According to US court documents, a hacker allegedly gained access to Capital One’s servers on March 12, 2019, and, on April 21, 2019, posted details about the attack on GitHub. Capital One learned of the attack on July 17, 2019, when the company was alerted to the GitHub page through Capital One’s responsible disclosure program. After an investigation, Capital One officially confirmed the breach on July 19, 2019.

The leaked information is thought to include credit card application data including names, addresses, postal codes, phone numbers, email addresses, dates of birth and self-reported income. Social insurance numbers from approximately one million Canadians are also thought to be compromised. The company has indicated that it will be notifying affected individuals by letter or email starting August 5, 2019. The company expects that this process will take several weeks.

For more information about the Capital One data breach and what the company is doing to respond please see Capital One’s website here.

Summary By: Jae Morris


19 08 07

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.