Season 3, Episode 2: Spark of Genius, The Likely Ramifications of Capital One’s Data Breach (Blog Post)

By: Payton Hoff & Anis Houssein

In the middle of 2019, Capital One faced more than thirty federal class actions after the bank’s announcement of a data breach that exposed the data of about 100 million customers in Canada and the United States. Class actions have been filed in federal courts in Virginia, where Capital One is headquartered, as well as Washington, D.C., Seattle, San Francisco, New York, Philadelphia, and Tampa.

On July 19, 2019, an unauthorized entry by a data thief allowed the acquisition of Capital One’s credit card customers’ personal information. The breach affected over 100 million individuals in the United States. The exposed information was data that the bank had obtained from 2005 through the first three months of 2019.

Capital One announced the breach on July 29, about two weeks after company officials claim they discovered the cyberattack. Capital One said it expected up to $150 million in costs because of the breach, including charges for legal support, and had $400 million in insurance coverage.

Capital One, after the discovery of the breach, directly notified by mail all individuals whose personal information was accessed. Capital One informed these individuals that it would continue to offer free credit monitoring and identity protection software to prevent any potential use of their data.

In their lawsuits against Capital One, the customers alleged that the banking company failed to honor its duty under the contract, a duty required of any bank, to engineer effective cybersecurity systems and anti-hacking technological software, to alert users of intrusion within an hour of detection, and to maintain reporting systems sufficient to protect private information from unauthorized access. Another obligation that Capital One is alleged to have failed to honor is the duty to delete any private information the bank does not need, such as rejected applications.

Capital One is also subject to federal law under the Gramm-Leach-Bliley Act (GLBA). Banks under the act are subject to specific requirements in the area of protecting private information. The act requires banks to demonstrate their processes for sharing personal data, the necessity of using the information in the banking business to potential applicants and customers, and how they are going to protect the information.

Therefore, Capital One has allegedly breached its obligations by failing to maintain appropriate technological and other systematic programs to prevent unauthorized access to customers’ data, failing to minimize the private information that any intrusion could compromise, and failing to notify its customers of the data breach at the right time. Customers allege that Capital One provided the means for a third party to access, obtain, and misuse their private information and that, given all the above duties, it was reasonably foreseeable to any bank in the business that this kind of breach would expose the private information to criminals.

Moreover, the allegations stated that Capital One knowingly and deliberately enriched itself by saving the costs the banking company reasonably should have spent on data security measures and the best protection system in the market to secure private information. Instead of providing a reasonable level of security, Capital One utilized cheaper, ineffective security measures at the expense of its customers. The victims, on the other hand, suffered as a direct and proximate result of Capital One’s decision to prioritize profits over security. The victims suffered and will continue to suffer injuries in the form of identity theft, attempted identity theft, loss of privacy, nuisance, and the expenses of mitigating those harms.

What We Think

Capital One will most likely go through the same scenario that Equifax went through in 2017. Equifax paid about $650 million to settle most lawsuits against the company because of its 2017 data breach. Equifax’s settlement has been, so far, the largest settlement of a data breach case in dollars and number of victims.

The settlement covered almost half of the inhabitants of the United States. The settlement not only compensated victims who lost funds, but also compensated people who suffered through the hassles of bank phone and credit-card customer service lines at $25 an hour. Nearly half of the settlement, $300 million, went towards victims who lost their private information to the data breach. The company also paid fines to end the investigations. Equifax paid $275 million in penalties to the Federal Trade Commission, the Consumer Financial Protection Bureau, and forty-eight states.

Additionally, in the settlement, Equifax agreed to provide up to ten years of free credit monitoring services for about seven million people. However, if another million victims decide to sign up, it would cost Equifax more than $16 million. If all 147 million victims were to take part in the case, Equifax would pay more than $2 billion in total. Mr. Norman Siegel, a lawyer representing victims in the settlement, stated that “if people wanted Equifax to pay more, they should sign up for credit monitoring.” Equifax was prepared and added $125 million to the claims fund in case the initial $300 million is depleted, in addition to potential costs for credit monitoring.

Equifax’s situation will likely be the path that Capital One will follow. With these high-profile data breaches happening only within a few years of each other, one should wonder how prepared other financial companies should be to prevent large data breaches, as the ramifications have been shown to be costly for those companies.

Season 3, Episode 1: Spark of Genius, The Case for Nationalized Cryptocurrency (Blog Post)

By: Garrett Derian-Toth & Matthew Ritter

Over the past decade, there has been an explosion of discussion, emphasis, and interest in the regulation and adoption of cryptocurrency in some way in the United States government, and in various governments across the world. This is in part because internet-based transactions have amplified the dependency on network communications. In commerce, the need for security and the need to reduce the stress of performing financial transactions through traditional mediums will be essential to ensure that transaction costs are as low as possible. Currently, in the United States, when commercial transactions are made between parties, financial institutions are the middlemen, and behind them is the federal government. The presence of these parties is not baseless; it keeps commerce running smoothly with minimal disruptions. However, as the number of transactions increases and technology develops, financial institutions’ current functions become less efficient. Cryptocurrencies may be able to improve the efficiency of internet-based transactions in a number of ways. Cryptocurrency transactions allow a decrease in transaction costs. Also, there is almost no delay in moving funds and less of a dependency on potentially outdated federal payment systems.

Despite these benefits, many governments have raised significant concerns over broad adoption of cryptocurrency, leading to suspicion of those utilizing the currency and a slower adoption of cryptocurrency as a valid payment method. These suspicions are not without merit. In fact, the lack of traceability of some cryptocurrency transactions and the use of cryptocurrency as the medium of exchange on black markets do pose a substantial issue if a national cryptocurrency were to be adopted. As of today, in fact, the United States continues to consider cryptocurrency, or virtual currencies as described by the IRS, as a form of property and not a form of legal tender. In short, the United States government does not view cryptocurrencies as currency, but rather as something more similar to securities or stock, which can be exchanged and have some value, but cannot be used as true legal tender. While governments seem slow to adopt this form of currency, private entities have been pushing for both development of their own cryptocurrencies and for less regulation of cryptocurrency in general. The contention of these private entities seems to be that the market efficiency and decreased transaction costs, if coupled with the correct regulation, outweigh the potential negatives of this form of currency.

One potential solution for the concerns of the governments and the desires of the private marketplace would be to institute some form of a national cryptocurrency made by adopting a polycentric approach in which the government and private institutions create and adopt a cryptocurrency backed by the United States Dollar. The idea of developing a national cryptocurrency has been kicked around by a number of countries and has been adopted, and rejected, by some countries. The technical term for this form of cryptocurrency is a central bank-issued digital currency (CBDC). One potential positive for a national cryptocurrency would be that governments could avoid the erosion of lex monetae. The adoption of a national cryptocurrency, along with a preclusion of private cryptocurrency, would enable the United States and other countries with similar agendas to maintain control over the marketplace in the same way they currently do. Furthermore, a federal cryptocurrency would be easier to regulate and track in many ways than its private counterpart would be.

Recent incidents, such as Mark Zuckerberg’s Senate hearing on Libra (Facebook’s cryptocurrency in development with numerous other companies), point towards general skepticism of cryptocurrency by the United States government. While it may not be on the near horizon, companies like Facebook could force the governments’ hand in some way by adopting private cryptocurrencies and driving the market forward by themselves. While the adoption of a national cryptocurrency is only one potential solution to the regulatory issues cryptocurrencies pose to sovereign nations, it may be the best way to drive the market forward, provide private and financial institutions what they want in regard to marketplace efficiency, and avoid the potential downfalls of unregulated cryptocurrency.
