A data breach to Capital One servers in March exposed the personal information of nearly 106 million of the bank’s customers and applicants. The hack, which included US and Canadian customers of the banking and credit card company, comes a week after the settlement reached between Equifax and the Federal Trade Commission concerning a hack in 2017 that affected 147 million customers.
According to Capital One, the breach on March 22 and 23, 2019, resulted in the hacker gaining access to personal information related to credit card applications from 2005 to early 2019 for consumers, applicants and small businesses. Capital One detected the breach on July 19. Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, Social Security numbers and linked bank account numbers.
About 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed, Capital One said. And for Canadian credit card customers and applicants, approximately 1 million Social Insurance Numbers. Capital One said, however, that no credit card account numbers or login credentials were revealed in the hack.
In response, Capital One said it will notify customers and credit card applicants whose data was exposed in the breach, and the Department of Justice announced it had charged a Seattle engineer in the theft.
How to find out if your information was stolen
Capital One said it will contact by letter U.S. individuals whose Social Security numbers or linked bank account numbers were part of the hack. Affected individuals can probably expect to hear the week of August 5. At the moment, Capital One doesn’t have a website that lets you check for yourself, unlike with the tool Equifax released to see if you were part of its data breach.
Be on guard for emails and phone calls from scammers posing as Capital One or government representatives asking for credit card or account information, your Social Security number or other personal information.
What Capital One is doing about the hack
Capital One said it has fixed the exploit the hacker used to access the data and has worked with federal law enforcement on the breach. The banking company said it will reach out to customers who were part of the hack and will offer free credit monitoring and identity protection to those customers affected by the breach.
How to monitor your credit report for fraud
You don’t have to wait for Capital One to contact you: You can take several steps right now to watch for fraud.
Monitor your credit reports. You get one free credit report a year from the three major credit bureaus: Equifax, Experian and TransUnion. (Note that Equifax is recovering from its own data breach.) On your report, look for unusual or unfamiliar activity, such as the appearance of new accounts you didn’t open. And watch your credit card accounts and bank statements for unexpected charges and payments.
Sign up for a credit monitoring service. Pick a credit monitoring service that constantly monitors your credit report on major credit bureaus and alerts when it detects unusual activity. To help with the monitoring, you can set fraud alerts that notify you if someone is trying to use your identity to create credit.
