New Data Breach Settlement Could Pay Eligible Canadians Up to $25,000

New Data Breach Settlement Could Pay Eligible Canadians Up to $25,000

Stick to the Facts

Add Nbsla.ca as a Preferred Source on Google to see more of our stories in your search results.

Add as a preferred source on Google

Millions of Canadians affected by the 2019 Capital One data breach could soon receive financial compensation under a proposed $35 million class action settlement. If approved by the court, eligible Canadians may be able to claim payments ranging from reimbursement for documented financial losses to compensation for time spent responding to the breach, with some claims reaching as much as $25,000.

The settlement applies to many Capital One credit card applicants and cardholders across Canada who received official notification that their personal information had been exposed during the cybersecurity incident.

Although Capital One continues to deny any wrongdoing, the company has agreed to establish a settlement fund to resolve the lawsuit without proceeding to a lengthy trial.

For affected Canadians, understanding the eligibility rules, payment categories, claim process, and critical deadlines is essential. Missing an important date could mean losing the opportunity to receive compensation.


Understanding the Capital One Data Breach Settlement

A proposed class action settlement has been filed before the Supreme Court of British Columbia to compensate Canadians affected by the massive 2019 Capital One cybersecurity breach.

The settlement covers Canadian residents living outside Quebec who either applied for or held a Capital One credit card and later received a notification letter informing them that their personal information may have been compromised.

The proposed agreement establishes a settlement fund worth $35 million, which will be distributed among eligible class members after court approval and payment of legal and administrative costs.

The court is scheduled to decide whether to approve the settlement during a hearing on September 22, 2026.

Until then, class members must decide whether to remain in the settlement or opt out before the established deadline.


What Happened During the 2019 Capital One Cyberattack?

The data breach occurred between March 12 and April 21, 2019, when an unauthorized individual gained access to sensitive customer information stored within Capital One’s cloud infrastructure.

According to court documents, the attacker exploited a misconfigured web application firewall connected to the company’s Amazon Web Services environment.

Investigators later identified the individual responsible as a former Amazon Web Services software engineer.

Authorities in the United States prosecuted the attacker, resulting in convictions on multiple federal criminal charges, including wire fraud.

The Canadian class action alleges that Capital One failed to implement adequate security measures to properly protect customer information.

While the company denies these allegations, it agreed to resolve the litigation through a negotiated settlement rather than continue with years of additional court proceedings.


How Many Canadians Were Affected?

The breach ranks among the largest financial institution cybersecurity incidents involving Canadians.

Approximately six million Canadian residents received notification that some of their personal information may have been accessed without authorization.

Worldwide, the incident affected roughly 100 million individuals, making it one of the most significant consumer data breaches in recent history.

Because of the scale of the breach, thousands of Canadians may now qualify for compensation under the proposed settlement.


What Personal Information Was Exposed?

The unauthorized access involved a wide range of personal and financial information collected during Capital One credit card applications and customer account management.

Depending on the individual, the compromised information may have included:

Personal Identification Information

Personal records exposed during the breach may include:

  • Full name
  • Date of birth
  • Residential address
  • Telephone number
  • Email address

Financial Information

Some customers also had financial account information accessed, including:

  • Credit scores
  • Credit limits
  • Account balances
  • Payment history
  • Transaction records

Government Identification Numbers

A smaller group of Canadians had their Social Insurance Number (SIN) exposed.

Because a SIN can significantly increase the risk of identity theft, these individuals qualify for higher compensation under one portion of the settlement.

Credit Card Application Records

Information submitted during Capital One credit card applications may also have been accessed, including applications submitted by both individual consumers and small business owners.


How the $35 Million Settlement Will Be Distributed

If the court approves the agreement, Capital One will pay $35 million into a settlement fund.

Before payments are issued to class members, several expenses must first be deducted, including:

Legal Fees

Class counsel intends to request legal fees equal to 25 percent of the settlement fund, along with reimbursement for litigation expenses and applicable taxes.

Administrative Costs

The settlement fund will also cover:

  • Claims administration
  • Processing expenses
  • Notification costs
  • Taxes
  • Court-approved disbursements

Representative Plaintiff Honorarium

The representative plaintiff will receive a court-approved honorarium of $5,000 for participating in the litigation on behalf of the class.

The remaining balance will become the net settlement fund, which will be used to compensate eligible claimants.


Who Qualifies for the Settlement?

You may qualify if all of the following apply:

You Were Living Outside Quebec

The settlement only includes Canadian residents outside the province of Quebec.

You Applied for or Held a Capital One Credit Card

Both applicants and existing cardholders may qualify.

You Received a Breach Notification Letter

Eligibility generally depends on receiving an official notification from Capital One advising that your information may have been affected during the 2019 data breach.

If you did not receive such a letter, you may not fall within the class definition.


Categories of Eligible Class Members

Eligible Canadians fall into several groups.

SIN Members

These individuals received notice that their Social Insurance Number had been compromised.

Because of the increased identity theft risk, they qualify for enhanced compensation under one payment category.

Non-SIN Members

These are class members whose information was exposed but whose Social Insurance Number was not identified as compromised.

Annual Fee Members

Individuals who paid an annual Capital One credit card fee between July 31, 2013, and July 31, 2019 may qualify for additional reimbursement.


Compensation Categories Explained

The settlement provides three primary compensation categories.

Category A: Documented Financial Losses

This category offers the largest potential payment.

Eligible claimants may receive up to $25,000 for documented expenses directly connected to the breach.

Examples include:

  • Credit monitoring services
  • Identity theft insurance
  • Credit freeze costs
  • Fraud-related financial losses
  • Unreimbursed expenses
  • False tax return losses linked to identity theft

Supporting documentation such as receipts, invoices, bank statements, or similar records will be required.


Category B: Compensation for Time Spent Responding to the Breach

Many Canadians spent considerable time protecting themselves after learning about the breach.

The settlement recognizes this by offering compensation based on hours reasonably spent addressing breach-related issues.

Non-SIN Members

Eligible claimants may receive:

  • Up to five hours at $25 per hour
  • Maximum hourly payment of $125
  • Additional fixed payment of $75

Maximum possible payment: $200

SIN Members

Individuals whose Social Insurance Numbers were exposed may claim:

  • Up to eight hours at $25 per hour
  • Maximum hourly payment of $200
  • Additional fixed payment of $75

Maximum possible payment: $275

Activities that may qualify include:

  • Contacting financial institutions
  • Monitoring credit reports
  • Placing fraud alerts
  • Resolving unauthorized transactions
  • Responding to identity theft concerns

Category C: Credit Card Annual Fees

Some class members may also recover annual Capital One credit card fees paid during the eligible period.

Eligible claimants can receive up to $50 under this category.


Important Settlement Deadlines

Several important dates will determine whether affected Canadians can participate in the settlement.

July 13, 2026

Court-approved notice of the proposed settlement was first published.

September 11, 2026

This is the deadline to:

  • Opt out of the settlement
  • Submit objections to the proposed agreement

Individuals who miss this deadline will generally remain part of the settlement automatically.

September 22, 2026

The Supreme Court of British Columbia will hold the settlement approval hearing.

Claims Period

Claims cannot be submitted until after the court grants approval.

The official claims process and filing deadline will be announced later if the settlement receives final approval.


Should You Remain in the Settlement?

Every eligible class member must decide whether remaining in the class is the best option.

If you stay in the settlement and it receives court approval, you will have the opportunity to submit eligible claims for compensation.

However, remaining in the class also means giving up the right to file your own lawsuit against Capital One regarding this particular data breach.

For many Canadians with relatively modest losses, remaining in the class may provide the simplest path toward receiving compensation.

Individuals with unusually significant documented damages may wish to seek independent legal advice before making their decision.


What Happens if You Opt Out?

Choosing to opt out means:

  • You will not receive any payment from this settlement.
  • You keep your legal right to sue Capital One independently.
  • Any separate lawsuit would be your own responsibility, including legal costs and court proceedings.

There is no guarantee that pursuing individual litigation would result in greater compensation.


Why Quebec Residents Are Excluded

The proposed settlement specifically excludes residents of Quebec.

This is because Quebec operates under a separate civil law system with its own procedures governing class action lawsuits.

Claims involving Quebec residents are generally handled through the Superior Court of Quebec under provincial legislation.

Anyone living in Quebec who believes they were affected should seek legal advice regarding any separate proceedings that may apply.


How to Prepare Before the Claims Process Begins

Although claims have not yet opened, eligible Canadians can begin preparing now.

Gather Financial Records

Collect receipts, invoices, bank statements, and any documents showing expenses related to the breach.

Save Credit Monitoring Records

If you purchased identity theft protection or credit monitoring services after receiving the notification letter, keep proof of payment.

Record Time Spent

Make notes detailing the time spent contacting banks, monitoring accounts, resolving fraud concerns, or dealing with identity theft issues.

Locate Annual Fee Records

If you paid annual Capital One card fees during the eligible years, gather statements confirming those payments.

Being organized now could make submitting your claim much easier once the official claims process begins.


What Happens Next?

The future of the settlement depends on the court’s approval hearing scheduled for September 22, 2026.

If approved, the claims administrator will publish detailed instructions explaining:

  • When claims can be submitted
  • Required documentation
  • Filing deadlines
  • Payment timelines

Eligible Canadians should monitor official settlement announcements to avoid missing future deadlines.


Final Thoughts

The proposed $35 million Capital One data breach settlement represents a significant opportunity for eligible Canadians whose personal information was exposed during the 2019 cybersecurity incident. While Capital One denies liability, the agreement offers financial compensation for documented losses, time spent addressing the breach, and certain annual credit card fees.

Leave a Reply

Your email address will not be published. Required fields are marked *