Skip to content

Lessons Learned for Maintaining Privilege: Capital One Data Breach

Why This Privacy Law is Important:

In March of 2019, an unauthorized person gained access to sensitive Capital One customer information. In July, Capital One notified the public of the breach, and many lawsuits followed, including a plaintiffs’ motion to compel production of Capital One’s cyber-forensic report to learn how the malicious attack allowed a breach into Capital One’s systems.


Capital One stated that their report was privileged, as it was requested by a law firm and prepared because of the anticipated litigation they were now facing. The Court disagreed, however, stating that the report was not privileged. The cybersecurity firm which helped prepare the forensic report, already had a working relationship with Capital One, thus leading the Court to believe that the report was prepared for business and regulatory purposes, and that it wouldn’t have been substantially different if privilege was granted.

Download the Privacy Alert to the right to get the full text and expert analysis!