Capital One is facing a collective agreement of $425 millions after the 2019 cyberattack and data breach that exposed private information from around 100 million clients. This agreement also covers claims about bank interests that were offered in 360 savings, where allegedly, some users with older accounts received lower rates while promoting new accounts with higher returns.
The objectives for this agreements are two then; consumer restitution and increasing bank security and entity cybersecurity. The case was even commented inside the financial system of the U.S., because it shows how a big bank can respond to security failures and rate practices.
If you had a 360 savings account between September 2019 and Jun 2025, you will receive an automatic compensation (if you qualify). The agreement is waiting for final approval from the Federal Court, and once this happens, payments distributions will begin. Furthermore, the bank has compromised to apply more strict internal protocol to reduce risks of digital fraud and communicate with more clarity about terms and rates.
Who qualifies as plaintiff and how payments work
According to the collective agreements documents, any person who had an active 360 savings account between September 2019 and June 2025 is elegible. Yo don’t need to present a claim or any type of forms: the automatic compensation will be send to those who meet the criteria.
However, you had to check and update your payment details in the official website for the agreement before October 2, 2025. People had the option to choose between electronic deposit or a check by mail.
And even if you closed your 360 savings after that period of time, you still have a right to your compensation, you will receive a unique payment. If you didn’t want to participate, a notification had to be done by October 2. Remember that the agreement is still waiting for approbation, and only when that redivision is completa, the payments will be release.
What this settlement proves
This class action lawsuit is big because it treats a cyberattack from 2019 and the data breach caused by it, which was one of the most known filtrations from the financial sector that compromised sensitive data like credit scores, and social security numbers. The consumer restitution looks to make the impact a little less heavy by sending money to those who suffer from the attack. And, it also answers to the complaints about the banks interests in 360 savings’ accounts, where the plaintiffs argued that old account rates did not keep up with competing products while new more attractive accounts were announced. This agreement though, propose to find a solution for both problems.
Besides, it forces Capital One to increase their bank security system and cybersecurity altogether, with transparent communication towards their clients. Which, in turn is important for the financial system of the U.S. because it shows how big institutions can face consequences when they fail to protect private information or give misleading messages.
Enhancing internal controls and reducing risks of digital fraud, is not an option anymore.
What to expect now from Capital On and the collective lawsuit
If your part of the group that have been affected with 360 savings (active between 2019 and 2025) or the data breach, you’re already on the list for automatic compensation, which is just waiting for final approve from the federal court.
Taking care of bank security and cybersecurity is not only a duty of the bank, it is the basis of trust in the entire financial system of the U.S.
I think Capital One has that one clear now, with a $425 million settlement agreement and the responsibility to ensure the data privacy and cybersecurity, they will probably do the necessary to avoid something this big to ever happen again.