Capital One Hit by Data Breach

Capital One Financial COF disclosed that it was hit by a data breach affecting 100 million customers, which the company estimates will result in $100 million-$150 million in charges. The hack was committed by a former Amazon Web Services employee who was able to access data taken from credit card applications. It appears the perpetrator was able to obtain security credentials of an existing account. In our research, we have praised Capital One’s migration to AWS, which we have said is significantly more secure than on-premises facilities. We still believe this to be true, but AWS isn’t invulnerable to every security breach, as this case clearly demonstrates. Furthermore, based on the suspect’s Twitter activity and Slack posts, as detailed by security expert Brian Krebs, it appears Capital One isn’t the only company affected by this--it’s just the first company to publicly acknowledge it has been hacked and the most proactive in addressing the security situation. Though we’ll make near-term changes to our model to reflect the $100 million-$150 million in charges the company plans to take, we do not anticipate any material changes to our $133 fair value estimate.

While this is a setback for Capital One, investors should view it as an opportunity to purchase the shares at more than a 30% discount to our fair value estimate. We still support the company’s move to AWS and are impressed by how a company of Capital One’s size has been able to disentangle itself from expensive legacy technology. The company is the first large financial institution to attempt to migrate its core operations to the cloud, and it should be expected there would be obstacles. Once its cloud migration is complete, Capital One’s technology stack will be much leaner than rivals and enables accelerated prototyping and testing of new applications that currently is extremely difficult using on-premises servers, which is partly why we view Capital One so favorably.

Morningstar Premium Members gain exclusive access to our full analyst reports, including fair value estimates, bull and bear breakdowns, and risk analyses. Not a Premium Member? Get this and other reports immediately when you try Morningstar Premium free for 14 days.