Largest data breach fines, penalties, and compensation to date

A software engineer at AWS was responsible for the attack, which exposed information including bank account details. “Although Capital One and AWS have denied all liability, in order to avoid the time, expense and uncertainty of further litigation, plaintiffs and Capital One have issued a term sheet containing key terms of the class settlement which, if approved by this court, will fully resolve all claims brought by the plaintiffs,” reads the filing in the US District Court for the Eastern District of Virginia. In an emailed statement, Capital One said the essential facts of the case have not changed since it announced the event in cooperation with federal authorities more than two years ago, when the hacker was arrested and the stolen information was recovered before it was distributed or used for fraudulent purposes. “We are pleased to have reached a settlement that will resolve the US consumer class action lawsuit,” the company added.

15. Uber: $148 million

In 2016, a breach of Uber exposed the data of 600,000 drivers and 57 million user accounts. Instead of reporting the incident, the company paid the perpetrator $100,000 to cover up the hack. Those actions cost the company dearly: in 2018 it was fined $148 million, the largest data breach fine in history at the time, for violating the country’s data breach notification laws.

16. Morgan Stanley: $120 million (value)

In January 2022, investment bank and financial services giant Morgan Stanley agreed to pay $60 million to settle a legal claim related to data security. The deal, if approved by a federal judge in Manhattan, will resolve a lawsuit filed against the company in July 2020 over two security breaches that compromised the personal information of nearly 15 million customers. According to the plaintiffs, Morgan Stanley failed to protect the personally identifiable information (PII) of current and former clients. It is alleged that the data center equipment that the company retired in 2016 and 2019 was not properly wiped and a software flaw meant that unencrypted, sensitive data was visible to anyone who bought the equipment.

The proposed settlement of the lawsuit comes more than a year after Morgan Stanley was fined a separate $60 million by the Office of the Comptroller of the Currency (OCC) in connection with similar incidents. The OCC said Morgan Stanley failed to “properly manage the 2016 rollout of Wealth Management business data centers located in the US. Among other things, the banks failed to effectively assess or address risks associated with the withdrawal of its hardware; failed to adequately assess the risks of subcontracting the cancellation activity, including exercising due diligence in selecting the vendor and monitoring its performance; and failed to maintain a proper inventory of customer data stored on obsolete hardware devices.” In 2019, the banks showed similar deficiencies in vendor management controls when decommissioning other network devices that also stored customer data, the OCC added.
