On July 29, 2019, Capital One Financial Corporation released a statement that they had discovered unauthorized access to the personal information of approximately 100 million individuals in the U.S. and 6 million in Canada. The hacker was able to exploit a vulnerability in their system that gave them access to credit scores and balances, as well as the Social Security numbers of about 140,000 customers and bank account numbers from about 80,000 credit card customers.
Capital One has fixed the vulnerability in their system and the FBI has arrested the person responsible. Though their initial investigation leads them to believe it is unlikely that the stolen data was used for fraud, Capital One cannot confirm that no fraud occurred as a result of the breach.
The largest category of information accessed was information on consumers and small businesses who applied for credit card products from 2005 through early 2019. The hacker stole names, addresses, phone numbers, dates of birth, and other financial data regularly collected during the application process.
What Can I Do?
Any time there is a major hack or data breach, there are steps you should take to protect yourself. Often, these hacking attempts are used to gather phone numbers and email addresses of customers who will then be contacted by fraudsters looking to get more data from unsuspecting victims.
Remember: never give out your personal details over phone or email, even if the caller claims to represent Capital One or the email appears to be from Capital One. Simply hang up and call the number on the back of your credit card; if the call or email was legitimate, you will be able to resolve the issue when you call back. Whenever there is a large data breach like this, you’ll find a lot of shady people taking advantage of the confusion.
Here are some steps you should take to protect yourself in the wake of this breach:
- Monitor your accounts. There aren’t many ways you can check if your data has been compromised, so being vigilant is key. Companies will often alert affected customers, but it is not a requirement to do so.
- Freeze or lock your credit. A freeze prevents consumers from taking out new loans or lines of credit without unfreezing their credit report, but it also prevents hackers from doing the same with your leaked information. Credit agencies also offer a similar service called “locking” that typically costs a monthly fee.
- Sign up for fraud protection. There are plenty of credit monitoring services like Lifelock, EZ Shield, and Identity Guard that can help keep an eye on your credit score and shut down fraudulent activity as quickly as possible. Most of these services offer additional benefits to help prevent identity theft.
- Know the difference between a hack and a breach. The criminal in this instance hacked Capital One to steal personal information. Meanwhile, a breach just means that personal information was left exposed and could have been stolen. Just because your information was part of the breach does not mean it was stolen or will be used for fraudulent activity.
For more information, you can click here to read Capital One’s official statement about the breach.