Capital One Latest Victim of Hacking Attacks. Here's What to Do
The electronic ink isn't even dry on your refund request to Equifax for its data breach, and now your personal information could be compromised again, if you've got a Capital One credit card. Here's what happened and what you can do to try to protect yourself from identity theft.
Capital One announced it had discovered the breach on July 19, which affected around 100 million people in the United States and about six million people in Canada. The hacker was able to grab information from consumer and small business credit card applications made between 2005 and early this year.
The hacker got access to credit scores, limits and balances; payment history and contact information from an unspecified number of credit card customers. Twenty-three days' worth of transaction data from 2016, 2017 and 2018 was also stolen. Plus, 140,000 Social Security numbers were taken, and the account numbers for about 80,000 linked bank accounts belonging to cardholders who have secured cards. About one million Canadian customers' Social Insurance Numbers were leaked.
One of the silver linings in this incident is that Capital One worked with federal law enforcement, and they were able to find and arrest the hacker.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Richard D. Fairbank, Capital One's chairman and CEO, in a statement. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
Capital One said that it didn't appear that the hacker tried to sell or give away the stolen information, but is investigating that element to make sure that isn't the case. Regardless, the bank said it was going to offer free credit monitoring and identity protection to those who had their accounts compromised.
While that's helpful, there are several things you can take to protect yourself and your identity. One of the most impactful ways to do this is to put a freeze on your credit report. This limits the access to your credit history, particularly to entities that may give you credit. If a thief tried to open a credit card in your name and your credit was frozen, that bank would deny the application because they couldn't see your credit report.
You'll need to freeze your credit with all three credit bureaus, Equifax, Experian and Transunion. Also keep in mind that if you want to get a new credit card or a loan--or in some cases, apply for a job, you'll have to temporarily lift that freeze, which could make you vulnerable for that period of time.
There are other simple habits you can develop to keep your own information safe as well. Keeping your personal financial information private is important because it can be easily exploited, particularly Social Security numbers, credit card information and PINs. If you get a marketing call or an email asking for them, don't give them out.
Email phishing scams can be difficult to detect, but when banks and credit cards see issues with your accounts, they don't provide links within an email for you to log in to your account. When you get those in an email, don't click on them. Also check the sender to see if the email legitimately came from your bank.
While these breaches may erode trust between banks and consumers, the federal government does provide some oversight and has created regulations that allow consumers to access a free credit report every year in order to keep an eye on their credit history.
Congresswoman Maxine Waters, chairwoman of the House Committee on Financial Services stated, "This data breach shows that it’s not just big technology companies and credit reporting agencies like Equifax that are vulnerable to hacking and data breaches – big banks are vulnerable targets as well. As this is not the first incident in which Capital One’s customer data was exposed, we need to understand what bank regulators have been doing to ensure that this bank, and other banks, have strong cybersecurity policies and practices. We must also understand what bank regulators are doing to ensure strong oversight of third-party technology providers that banks work with."