Just a week after Equifax reached a settlement for its massive 2017 data breach, credit card titan Capital One revealed that it too had been compromised in a hack affecting over 106 million customers in March.
Now it could pay between $100 million to $500 million in U.S. fines for the breach, according to an early estimate by Morgan Stanley analyst Betsy Graseck in a Wednesday note to clients.
“While only a limited number of social security numbers were exposed, the sheer magnitude of customers that had their personal information hacked could expose Capital One to regulatory fines and or state settlements,” she wrote. “One unknown? Impact of affected Canadian customers, given the higher percentage of exposed Social Insurance Numbers.”
The hack affected about 100 million U.S. consumers, and 6 million Canadian clients, according to Capital One. About 140,000 Social Security numbers and 80,000 linked bank account numbers were obtained through the breach. But Canadians were more heavily impacted, with about one million Social Insurance numbers compromised.
Capital One says it expects the breach to cost $100 million to $150 million in 2019.
“While I am grateful that the perpetrator has…