Data Breach Notifications

Entity Information

  • Type of Organization: Financial Services
  • Entity Name: Capital One
  • Street Address: 1680 Capital One Drive
  • City: McLean
  • State, or Country if outside the US: Virginia
  • Zip Code: 22102

Submitted By

  • Name: Christina Bhirud
  • Title: Senior Counsel
  • Firm name (if different than entity):
  • Telephone Number: (702) 908-5083
  • Email Address: Christina.Bhirud@capitalone.com
  • Relationship to entity whose information was compromised: Senior Counsel

Breach Information

  • Total number of persons affected (including residents): This is a follow-up to the letter we sent to your Office via Federal Express on February 26, 2021, a copy of which is attached here. We sent the letter on February 26, 2021, to provide an update to the notification letter Capital One sent your Office on August 14, 2019, and the follow-up letter we sent your Office on September 11, 2019, about the data security incident that Capital One discovered on July 19, 2019, and which occurred on March 22 and 23, 2019. We provided our update on February 26, 2021, because we recently determined that the Social Security numbers of an additional 4,678 customers were in the data that the unauthorized individual accessed in 2019, bringing the total number of impacted customers to 198,419. We received an email from your Office dated April 1, 2021, advising that the update we provided on February 26, 2021, should also be submitted using this form. A copy of that email is also attached here.
  • Total number of Maine residents affected: This is a follow-up to the letter we sent to your Office via Federal Express on February 26, 2021, a copy of which is attached here. We sent the letter on February 26, 2021, to provide an update to the notification letter Capital One sent your Office on August 14, 2019, and the follow-up letter we sent your Office on September 11, 2019, about the data security incident that Capital One discovered on July 19, 2019, and which occurred on March 22 and 23, 2019. We provided our update on February 26, 2021, because we recently identified additional personal information that was impacted in the previously announced data security event. Specifically, Capital One recently determined that the Social Security numbers of an additional 20 Maine residents were in the data that the unauthorized individual accessed in 2019, bringing the total number of impacted Maine residents to 1,233. We received an email from your Office dated April 1, 2021, advising that the update we provided on February 26, 2021, should also be submitted using this form. A copy of that email is also attached here.
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified: Yes
  • Date(s) Breach Occured: Capital One recently identified additional personal information that was impacted in the previously announced data security incident that Capital One discovered on July 19, 2019, and which occurred on March 22 and 23, 2019.
  • Date Breach Discovered: This is a follow-up to the letter we sent to your Office via Federal Express on February 26, 2021, a copy of which is attached here. We sent the letter on February 26, 2021, to provide an update to the notification letter Capital One sent your Office on August 14, 2019, and the follow-up letter we sent your Office on September 11, 2019, about the data security incident that Capital One discovered on July 19, 2019, and which occurred on March 22 and 23, 2019. We provided our update on February 26, 2021, because on January 27, 2021, Capital One determined that the personal information of additional Maine residents was in the data that the unauthorized individual accessed in 2019. Please see attached letters for more information.
  • Description of the Breach:
    • External system breach (hacking)
  • Information Acquired - Name or other personal identifier in combination with: Social Security Number

Notification and Protection Services

  • Type of Notification: Written
  • Date(s) of consumer notification: The original impacted population of Maine residents were notified on the following dates: 8/8/2019, 8/15/2019, 8/22/2019, 8/24/2019, 8/29/2019. The new impacted state residents were notified on 2/26/2021. Please see attached letter for more information. We received an email from your Office dated April 1, 2021, advising that the update we provided on February 26, 2021, should also be submitted using this form. A copy of that email is also attached here.
  • Copy of notice to affected Maine residents: Notification - DSE 300531 - State - ME AG Follow Up.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: 24 months of free credit monitoring through the “myTrueIdentity” service by TransUnion