Capital One Believes They Will be OK from Mega Consumer Data Breach Scandal

Posted on 08/24/2019

There is a reason why sovereign fund and venture capital firms are betting big on cybersecurity startups and growth companies, especially cloud-security companies. Capital One (Capital One Financial Corporation), known for giving young Americans credit cards, has been dealing with the fallout from a massive data breach affecting over 100 million people in the U.S. and an estimated 6 million in Canada.

This event was one of the largest-ever thefts of bank data. Richard D. Fairbank, Founder, CEO, and Chairman, is still hopeful about the future: “In the second quarter, Capital One continued to post solid results as we invest to grow and to drive our digital transformation.” This digital transformation would, theoretically, do more to protect it from future cyber hacks, such as the highly publicized “cybersecurity incident” announced in July 2019. The scandal forced Fairbank to issue an apology through a statement: “I am deeply sorry for what has happened.” Those swayed by Capital One’s barbarian-themed “What’s in your wallet” advertising campaign from 2005 to 2019 were actually the target of an internet-based raider. Data lost includes names, addresses, postal codes, dates of birth, income, and more. U.S. federal prosecutors charged Paige A. Thompson, a former employee from Seattle, of the massive data breach at Capital One. Thompson may have hacked more than 30 other organizations, according to various news sources. Thompson obtained personal information from more than 100 million credit applications at Capital One.

Capital One management has reported: “We have invested heavily in cybersecurity and will continue to do so.” This directly contradicts a Wall Street Journal article from August 2019 that uncovered staff turnover in the IT department and mentioned unheeded warnings of vulnerabilities in the system. Moving to the cloud made Capital One vulnerable to a former employee of Amazon Web Services (AWS), the cloud manager. Capital One stands behind its decision to move to the cloud, and points out that hacks can occur outside of the cloud. More importantly, management shares cost estimates: “We expect the incident to generate incremental costs of approximately US$ 100 to US$ 150 million in 2019. Expected costs are largely driven by customer notifications, credit monitoring, technology costs, and legal support.”

Capital One is at risk for government investigations and class-action lawsuits. For example, Attorney General of New York Letitia James pledged to investigate Capital One over the data breach. However, Capital One also shared that they believe insurance is expected to cover the bulk of the payout in potential lawsuits. There will also be some investment in new security licensing, and an overall increase in the IT budget. Despite the costs, Capital One is undaunted, counting on consistently improving operating efficiency ratios for the next several years. An annual operating efficiency ratio of 42% is forecast for 2021. However, Capital One’s 10-k filing does reveal that Q2 income of US$ 1.6 billion would be “offset by higher non-interest expense largely due to marketing expense and a legal reserve build.” Over the intermediate term, Capital One expects to shrug off any losses connected to the data breach: “We are commonly subject to various pending and threatened legal actions relating to the conduct of our normal business activities. In the opinion of management, the ultimate aggregate liability, if any, arising out of all such pending or threatened legal actions is not expected to be material to our consolidated financial position or our results of operations.”


The data breach clearly had no impact on Capital One’s plans to purchase United Income, a robo-advisor for retirees. United Income is a project of Morningstar and eBay founder Pierre Omidyar. It was acquired on July 31, 2019. Capital One is going toe to toe with JPMorgan Chase, Wells Fargo, and others who are making large bets on the robo-advisor market. United has US$ 741 million in assets under management.

Institutional Investors

Looking at 2019 filing data, some of the top institutional investor shareholders of Capital One include Dodge & Cox, Capital World Investors, Vanguard Group Inc., BlackRock Inc., State Street Corporation, FMR LLC (Fidelity), and Davis Selected Advisers.