Capital One’s (COF) data breach of 100 million credit card applications and accounts could become costly for the company as well as its compromised customers.
“This damage to Capital One is probably going to exceed $200 to $300 million dollars by the time it’s all said and done,” said Morgan Wright, cybersecurity expert and senior fellow at the Center for Digital Government, on Yahoo Finance’s The Ticker.
Credit rating agency DBRS estimates the incremental costs to be $100 million to $150 million this year. In a note, it says the costs will be “associated with customer notifications, credit monitoring, technology costs, and legal support.”
But in less than 24 hours since the bank disclosed the hack, it was hit with a proposed class action lawsuit over serious “security failures” along with an investigation by New York Attorney General Letitia James.
Even though lawsuits are expected to pile up, Wright believes it won’t drag out as long as Equifax (EFX) did, after only agreeing last week to pay $700 million to settle its security breach impacting 147 million people two years ago.
“In something like this, I think this one is going to be pretty much accelerated. It was very quick, it was contained, the FBI was able to get on this right away and make an arrest so we now know what the extent of the damage is,” he said.
And Wright says Capital One’s case is not like Equifax.
“It wasn’t really like gross negligence, like it was at Equifax where they were warned, they were told you’ve got this vulnerability you should’ve patched it,” said Wright.
Wright said he believes the costs to Capital One will be limited compared to the credit agency, but there are other factors that will add to the damage to the bank.
“It’s not the penalties, it’s going to be all the long-term cost, all the reputation hit, the lost business,” he said. “That’s going to hurt Capital One more than any litigation will at this point.”
Grete Suarez is producer at Yahoo Finance for YFi PM and The Ticker. Follow her on Twitter: @GreteSuarez