In March 2019, Capital One experienced a data breach affecting over 100 million consumers. The Capital One data breach is the subject of consumer multi-district litigation pending in federal court in Virginia. The case is currently in the discovery stage. The plaintiffs sought production of an investigative report by Capital One’s vendor, FireEye, Inc. dba Mandiant that was undertaken within days of the financial institution’s discovery of the breach in July 2019.
Instead of voluntarily producing the report, Capital One filed a motion for a protective order, arguing that the report was conducted in anticipation of litigation and is therefore protected by the attorney-client work product privilege. The Magistrate Judge disagreed, denying Capital One’s motion and ordering production of the report. The court concluded that Capital One did not present “sufficient evidence to show that the incident response services performed by Mandiant would not have been done in substantially similar form even if there was no prospect of litigation.”
© 2020 Ossian Law P.C.