ALEXANDRIA, Va. (Legal Newsline) – Capital One and Amazon are facing a proposed class action lawsuit stemming from a March data breach and allegations they falsely marketed their public cloud software as safe.
Andrew Broderick, Jacqueline Burke and others, each individually and on behalf of all others similarly situated, filed a complaint Nov. 15 in the U.S. District Court for the Eastern District of Virginia against Capital One Financial Corp., Capital One Bank NA, Amazon.com Inc. and Amazon Web Services Inc. alleging violation of the Racketeer Influenced and Corrupt Organization Act (RICO), fraud by misrepresentation, unjust enrichment and other claims.
The plaintiffs allege they were affected by the March data breach by a former Amazon Web Services employee on Capital One.
The plaintiffs allege that the defendants "orchestrated a massive migration of highly sensitive data to a public cloud under the cover of false statements and Potemkin security software," and falsely marketed the software to consumers and regulators as safe.
"Defendants continue to aggregate and mine that data under the same perilous conditions that existed eight months ago," the suit states. "Customer data – years of it – is even today being aggregated and shared across hundreds of data mining systems, a simple SSRF attack away from another massive theft."
The plaintiffs are seeking an injunction ordering the removal of sensitive Capital One data from Amazon's cloud servers.
The plaintiffs seek actual, compensatory, statutory and consequential damages; a trial by jury; interest and all other just and proper relief. They are represented by Andrew Williamson and Andrew Pecoraro of Pierce Bainbridge Beck Price & Hecht LLP in Washington, D.C.; Yavar Bathaee, Michael Pomerantz, David Hecht, Maxim Price and Michael Eggenberger of Pierce Bainbridge Beck Price & Hecht LLP in New York; and Brian Dunne of Pierce Bainbridge Beck Price & Hecht LLP in Los Angeles.
U.S. District Court for the Eastern District of Virginia case number 1:19-CV-01454-AJT-JFA